UEFI Failing: What to Know About LogoFAIL Attacks

Security researchers, known for their inquisitive and unconventional methods, have recently scrutinized UEFI, revealing significant vulnerabilities called LogoFAIL vulnerabilities.
These experts, who investigate systems to uncover unusual ways to exploit them, discovered that UEFI, the modern replacement for traditional BIOS, is susceptible to certain failures - which have wide-ranging impacts.
Specifically, researchers found that the libraries used by various system integrators and vendors in their motherboards' UEFI are vulnerable.
These libraries can be manipulated to perform unforeseen operations through specially crafted images displayed during system boot-up, such as logos and banners.
This manipulation effectively circumvents security features like Secure Boot, misleading the subsequent operating system.
Prior Knowledge Understanding UEFI. UEFI stands for Unified Extensible Firmware Interface, an advanced version of the old BIOS. It is essentially a compact operating system that manages hardware initialization and preliminary system security before transitioning control to the main operating system.
UEFI oversees numerous functions, including CPU frequency, power and thermal management, memory timings, and peripheral operations.
Some UEFI systems even offer network connectivity for firmware updates without an operating system being required.
Unlike BIOS, UEFI provides a consistent visual experience by displaying an image during boot-up, which remains visible throughout the UEFI initialization and into the operating system's boot phase.
This differs from BIOS, which typically involves screen resolution changes and text mode resets before operating system drivers are activated.
They're called LogoFAIL vulnerabilities, and they arise from flaws in image parsing libraries embedded in UEFI system firmware.
These vulnerabilities are triggered when a malicious logo image file is injected into the EFI system partition, leading to the execution of payloads that can hijack the boot process and bypass security mechanisms like Secure Boot and Intel Boot Guard.
It is important to note that, despite the hype, to exploit these vulnerabilities it is necessary to have access to the system in the first place, and in that access, to have privileges to write to the EFI partition and UEFI non-volatile ram.
Consider, for example, a ransomware that persists even system reimaging attempts after an infrastructure-wide attack.
Having code running before the operating system has a chance to even start loading and protecting against threats is an especially egregious threat.
LogoFAIL can lead to attacks against any operating system - Linux, Windows, Mac or even more esoteric ones.
It actually survives an operating system reinstall, so it is very resilient to removal attempts.
It's not the first time that firmware has been considered as a persistent way to target a system, as the hard disk firmware exploit showed some years ago, but this is certainly the least-effort way of achieving this level of resiliency.
Affected vendors will have to release updated UEFI images, so firmware updates are required to effectively patch the impacted libraries that are behind the problem, but doing so will protect the system against this threat.
Fuzzing UEFI. The researchers who discovered the problem did so by fuzzing the UEFI code, and they acknowledge that, so far, the risk is theoretical only.


This Cyber News was published on securityboulevard.com. Publication date: Tue, 26 Dec 2023 10:43:05 +0000


Cyber News related to UEFI Failing: What to Know About LogoFAIL Attacks

UEFI Failing: What to Know About LogoFAIL Attacks - Security researchers, known for their inquisitive and unconventional methods, have recently scrutinized UEFI, revealing significant vulnerabilities called LogoFAIL vulnerabilities. These experts, who investigate systems to uncover unusual ways to ...
11 months ago Securityboulevard.com
LogoFAIL bugs in UEFI code allow planting bootkits via images - Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver ...
1 year ago Bleepingcomputer.com
LogoFAIL attack can install UEFI bootkits through bootup logos - Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver ...
1 year ago Bleepingcomputer.com
LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities - A new threat has emerged, sending shockwaves through the cybersecurity industry - the LogoFAIL attack. This vulnerability targets the image-parsing components within the UEFI code, affecting a multitude of devices and posing a serious risk to the ...
1 year ago Securityboulevard.com
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack - Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or ...
1 year ago Arstechnica.com
Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images - Firmware security company Binarly on Wednesday disclosed the details of an attack method that can be used to compromise many consumer and enterprise devices by leveraging malicious UEFI logo images. The attack method, dubbed LogoFAIL, exploits ...
1 year ago Securityweek.com
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs - Researchers have uncovered "LogoFAIL," a set of critical vulnerabilities present in the Unified Extensible Firmware Interface ecosystem for PCs. Exploitation of the vulnerabilities nullify essential endpoint security measures and provide attackers ...
1 year ago Darkreading.com
Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot - Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform ...
1 year ago Techrepublic.com
New Windows/Linux Firmware Attack - LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are ...
1 year ago Schneier.com
LogoFail vulnerability affects many Windows and Linux devices - Many commercial computers are vulnerable to a set of vulnerabilities that exploit flaws in the processing of startup logos during boot. ADVERTISEMENT. Security researchers at Binarly have disclosed security vulnerabilities in system firmware used by ...
1 year ago Ghacks.net
9 UEFI Flaws Expose Computers to Remote Attacks - Hackers exploit UEFI flaws to gain unauthorized access to a system's firmware, enabling them to implant persistent malware or manipulate the boot process. This provides a stealthy entry point that allows attackers to bypass traditional security ...
11 months ago Gbhackers.com
LogoFAIL - LogoFAIL refers to a set of vulnerabilities found in the Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs). These vulnerabilities are present in image parsing libraries embedded into the firmware. ...
1 year ago
PixieFail flaws impact PXE network boot in enterprise systems - A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. The ...
11 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
UEFI exploit 'worse than BlackLotus' pwns PCs using images The Register - Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could ...
1 year ago Go.theregister.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com
PixieFail Bugs in UEFI Open Source Implementation Threaten Computers - A collection of security vulnerabilities found within the de facto open source implementation of the UEFI specification could expose systems to a range of threats, from remote code execution and denial-of-service to data leakage and DNS cache ...
11 months ago Securityboulevard.com
BreachForums admin 'Pompourin' gets 20-year sentence The Register - Last Friday the US District Court for the Eastern District of Virginia ruled [PDF] that Fitzpatrick will spend the next 20 years of his life on supervised release. For the first two years he'll be under home arrest and tracked by a GPS device, and ...
11 months ago Go.theregister.com
You Don't Know Where Your Secrets Are - Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, ...
1 year ago Thehackernews.com
Ransomware Attacks: Are You Self-Sabotaging? - In 2023, recovering from a ransomware attack cost on average $1.82 million-not including paying any ransom-and some organizations get hit more than once. If you're hit, you generally have to choose between paying that ransom or restoring your data ...
1 year ago Cybersecurity-insiders.com
Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
5 months ago Helpnetsecurity.com
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
11 months ago Cybersecuritynews.com
The State of DDoS Attacks: Evolving Tactics and Targets Businesses Must Be Aware Of - Now, these attacks are becoming more dangerous, targeted, and detrimental as they evolve. As DDoS attacks become more sophisticated, adversaries are able to hone in on the most vulnerable targets, ranging from small- and medium-sized businesses to ...
11 months ago Cyberdefensemagazine.com
Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
10 months ago Cisa.gov
87% of DDoS Attacks Targeted Windows OS Devices in 2023 - Computers and servers became the primary target of attacks, making up 92% of DDoS attempts, compared to only 68% in the previous year. Attacks are also becoming shorter and less frequent, but more powerful. While the overall count in attack frequency ...
7 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)