LogoFAIL attack can install UEFI bootkits through bootup logos

Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits. Because the issues are in the image parsing libraries, which vendors use to show logos during the booting routine, they have a broad impact and extend to x86 and ARM architectures. According to researchers at firmware supply chain security platform Binarly, the branding has introduced unnecessary security risks, making it possible to execute malicious payloads by injecting image files in the EFI System Partition. Abusing image parsers for attacks on the Unified Extensible Firmware Interface was demonstrated in 2009 when researchers Rafal Wojtczuk and Alexander Tereshkin presented how a BMP image parser bug could be exploited to infect the BIOS for malware persistence. Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware. The researchers found that an attacker could store a malicious image or logo on the EFI System Partition or in unsigned sections of a firmware update. "When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms" - Binarly. Planting malware in such a way ensures persistence on the system that is virtually undetected, as illustrated in past attacks leveraging infected UEFI components [1, 2]. LogoFAIL does not affect runtime integrity because there is no need to modify the bootloader or the firmware, a method seen with the BootHole vulnerability or the BlackLotus bootkit. In a video that Binarly shared privately with BleepingComputer, running the proof-of-concept script and rebooting the device resulted in creating an arbitrary file on the system. The researchers highlight that because it is not silicon-specific LogoFAIL vulnerabilities impact vendors and chips from multiple makers. The issues are present in products from many major device manufacturers that use UEFI firmware in consumer and enterprise-grade devices. Binarly has already determined that hundreds of devices from Intel, Acer, Lenovo, and other vendors are potentially vulnerable, and so are the three major independent providers of custom UEFI firmware code: AMI, Insyde, and Phoenix. It is also worth noting that the exact scope of the impact of LogoFAIL is still being determined. "While we are still in the process of understanding the actual extent of LogoFAIL, we already found that hundreds of consumer- and enterprise-grade devices are possibly vulnerable to this novel attack," the researchers say. The full technical details for LogoFAIL are to be presented on December 6 at the Black Hat Europe security conference in London. According to the summary of the LogoFAIL presentation, the researchers disclosed their findings to multiple device vendors and to the three major UEFI providers. Zyxel warns of multiple critical vulnerabilities in NAS devices. UK and South Korea: Hackers use zero-day in supply-chain attack. Critical bug in ownCloud file sharing app exposes admin passwords.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 01 Dec 2023 17:20:09 +0000


Cyber News related to LogoFAIL attack can install UEFI bootkits through bootup logos

LogoFAIL attack can install UEFI bootkits through bootup logos - Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver ...
1 year ago Bleepingcomputer.com
LogoFAIL bugs in UEFI code allow planting bootkits via images - Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver ...
1 year ago Bleepingcomputer.com
LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities - A new threat has emerged, sending shockwaves through the cybersecurity industry - the LogoFAIL attack. This vulnerability targets the image-parsing components within the UEFI code, affecting a multitude of devices and posing a serious risk to the ...
11 months ago Securityboulevard.com
UEFI Failing: What to Know About LogoFAIL Attacks - Security researchers, known for their inquisitive and unconventional methods, have recently scrutinized UEFI, revealing significant vulnerabilities called LogoFAIL vulnerabilities. These experts, who investigate systems to uncover unusual ways to ...
11 months ago Securityboulevard.com
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack - Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or ...
11 months ago Arstechnica.com
Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images - Firmware security company Binarly on Wednesday disclosed the details of an attack method that can be used to compromise many consumer and enterprise devices by leveraging malicious UEFI logo images. The attack method, dubbed LogoFAIL, exploits ...
11 months ago Securityweek.com
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs - Researchers have uncovered "LogoFAIL," a set of critical vulnerabilities present in the Unified Extensible Firmware Interface ecosystem for PCs. Exploitation of the vulnerabilities nullify essential endpoint security measures and provide attackers ...
1 year ago Darkreading.com
New Windows/Linux Firmware Attack - LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are ...
11 months ago Schneier.com
PixieFail flaws impact PXE network boot in enterprise systems - A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. The ...
10 months ago Bleepingcomputer.com
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot - Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform ...
11 months ago Techrepublic.com
LogoFail vulnerability affects many Windows and Linux devices - Many commercial computers are vulnerable to a set of vulnerabilities that exploit flaws in the processing of startup logos during boot. ADVERTISEMENT. Security researchers at Binarly have disclosed security vulnerabilities in system firmware used by ...
11 months ago Ghacks.net
UEFI exploit 'worse than BlackLotus' pwns PCs using images The Register - Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could ...
1 year ago Go.theregister.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
9 UEFI Flaws Expose Computers to Remote Attacks - Hackers exploit UEFI flaws to gain unauthorized access to a system's firmware, enabling them to implant persistent malware or manipulate the boot process. This provides a stealthy entry point that allows attackers to bypass traditional security ...
10 months ago Gbhackers.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
LogoFAIL - LogoFAIL refers to a set of vulnerabilities found in the Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs). These vulnerabilities are present in image parsing libraries embedded into the firmware. ...
11 months ago
BreachForums admin 'Pompourin' gets 20-year sentence The Register - Last Friday the US District Court for the Eastern District of Virginia ruled [PDF] that Fitzpatrick will spend the next 20 years of his life on supervised release. For the first two years he'll be under home arrest and tracked by a GPS device, and ...
10 months ago Go.theregister.com
PixieFail Bugs in UEFI Open Source Implementation Threaten Computers - A collection of security vulnerabilities found within the de facto open source implementation of the UEFI specification could expose systems to a range of threats, from remote code execution and denial-of-service to data leakage and DNS cache ...
10 months ago Securityboulevard.com
CVE-2020-3513 - Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, ...
4 years ago
CVE-2020-3416 - Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, ...
4 years ago
UEFI exploit 'worse than BlackLotus' pwns PCs using images The Register - Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could ...
1 year ago Packetstormsecurity.com
7 Best Attack Surface Management Software for 2024 - Attack surface management is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation and applies them to an organization's ...
11 months ago Esecurityplanet.com
Attack Surface Management: What is it? Why do you need it? - Traditional asset inventory and vulnerability management software can't keep up to date with the growing attack surface and morphing vulnerabilities. Contrary to other cybersecurity software, Attack Surface Management software operates from a ...
11 months ago Securityboulevard.com
Windows 10 KB5034441 security update fails with 0x80070643 errors - Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. Windows 10 creates a recovery partition, usually around ...
10 months ago Bleepingcomputer.com
Limiting Remote Access Exposure in Hybrid Work Environments - Organizations have shifted to remote desktop work environments at an increasing speed since then - simultaneously expanding their attack surface and exposing themselves to greater cybersecurity threats. The remote work revolution has pushed companies ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)