That's because he isn't making the former.
It took a hack [1] like Dan Goodin to make him look as though he were.
His actual claims, as far as I can determine and as corroborated by the Errata Security article, are: (1) that BIOS firmware, and potentially also built-in peripheral device firmware, might serve as a durable reservoir for malware; (2) that buffer overflows and similar sloppy coding practices in USB HID device drivers can serve as infection vectors; (3) that pre-existing malware can use ultrasound as a (buggy, flaky, slow) C&C protocol transport; and, finally and most controversially, (4) that he has live examples, as yet unpublished, of malware which demonstrates all three of these behaviors.
Claim 1 seems not particularly controversial, given that prototypes have been demonstrated at conferences.
Claim 2 has at least one example in the wild, in that a PlayStation 3 jailbreak