2023-12-15

Researchers have discovered a new attack named LogoFAIL that exploits vulnerabilities in the firmware of Windows and Linux computers during the boot-up sequence. The attack, which has been deemed relatively easy to carry out, affects a wide range of computer models and allows for a high level of control over the infected devices. What makes LogoFAIL particularly dangerous is that it can be executed remotely after an initial exploit, making it difficult to detect using traditional security measures. The attack bypasses popular defense mechanisms such as Secure Boot and Intel’s Secure Boot, enabling it to infect devices with bootkit malware.

LogoFAIL is the result of months of work by Binarly, a firm specializing in identifying and securing firmware vulnerabilities. The researchers have disclosed the vulnerabilities to the relevant hardware and firmware suppliers, who are now releasing advisories and security patches for their vulnerable products. The vulnerabilities reside in the Unified Extensible Firmware Interface (UEFI) firmware responsible for booting modern devices.

As the name suggests, LogoFAIL involves exploiting vulnerabilities in logo images displayed on the device screen during the boot process. By replacing legitimate logos with specially crafted ones, hackers can execute malicious code during the DXE phase of the boot process. This grants them full control over the device’s memory and disk, including the operating system itself. LogoFAIL can then deliver a second-stage payload that drops an executable onto the hard drive before the main OS starts.

LogoFAIL can be exploited through remote attacks that use unpatched vulnerabilities in browsers or media players to replace legitimate logo images with malicious ones. It can also be carried out by briefly gaining access to a vulnerable device while it’s unlocked. In either case, the malicious logo triggers the execution of attacker-controlled code during the DXE phase, bypassing security defenses.
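Because the attack hinges on a boot logo that has been swapped for a crafted one, a defender's first triage step is to check whether the logo images a machine will parse at boot are even structurally sane. The script below is an added example written for this article; it is not Binarly's scanner, not vendor tooling, and not code from the original report. It assumes the logo is a BMP (one of the formats boot firmware commonly renders) and uses a constructed ceiling of 8192 pixels per side as a plausibility bound for a logo. It builds a well-formed sample image inline, then shows how header inconsistencies such as a declared size that does not match the file, a pixel-data region that runs past end of file, or absurd dimensions are flagged. A clean result does not prove an image is safe; an inconsistent one is a reason to restore the vendor logo and apply the firmware update.

```python
import struct

# Assumption for this example: no legitimate boot logo exceeds this many pixels per side.
MAX_LOGO_DIM = 8192
BMP_FILE_HEADER = 14
BITMAPINFOHEADER = 40


def build_bmp(width: int, height: int, bpp: int = 24) -> bytes:
    """Constructed sample input: a minimal, well-formed, uncompressed BMP."""
    row_bytes = ((width * bpp + 31) // 32) * 4          # rows are padded to 4 bytes
    pixels = bytes(row_bytes * height)                   # all-black pixel data
    pixel_offset = BMP_FILE_HEADER + BITMAPINFOHEADER
    file_size = pixel_offset + len(pixels)
    file_header = struct.pack("<2sIHHI", b"BM", file_size, 0, 0, pixel_offset)
    dib_header = struct.pack("<IiiHHIIiiII", BITMAPINFOHEADER, width, height,
                             1, bpp, 0, len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels


def with_width(data: bytes, width: int) -> bytes:
    """Return a copy of a BMP with only the DIB width field rewritten (for testing)."""
    return data[:18] + struct.pack("<i", width) + data[22:]


def check_bmp(data: bytes) -> list[str]:
    """Return a list of header inconsistencies; an empty list means the headers are self-consistent."""
    findings: list[str] = []
    if len(data) < BMP_FILE_HEADER + BITMAPINFOHEADER:
        return ["file shorter than the BMP file header plus BITMAPINFOHEADER"]

    magic, file_size, _, _, pixel_offset = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        findings.append("bad magic: not a BMP file")
    if file_size != len(data):
        findings.append(f"declared file size {file_size} != actual size {len(data)}")

    dib_size, width, height, planes, bpp, compression, _ = struct.unpack_from("<IiiHHII", data, 14)
    if dib_size < BITMAPINFOHEADER:
        findings.append(f"DIB header size {dib_size} smaller than BITMAPINFOHEADER")
    if pixel_offset < BMP_FILE_HEADER + dib_size or pixel_offset > len(data):
        findings.append(f"pixel data offset {pixel_offset} lies outside the headers/file")
    if planes != 1:
        findings.append(f"unexpected plane count {planes}")
    if bpp not in (1, 4, 8, 16, 24, 32):
        findings.append(f"unsupported bits-per-pixel {bpp}")
    if width <= 0 or width > MAX_LOGO_DIM or height == 0 or abs(height) > MAX_LOGO_DIM:
        findings.append(f"implausible dimensions {width}x{height} for a boot logo")

    # For uncompressed images the pixel region size follows from the header; it must fit the file.
    if compression == 0 and width > 0 and height != 0 and bpp in (1, 4, 8, 16, 24, 32):
        row_bytes = ((width * bpp + 31) // 32) * 4
        needed = row_bytes * abs(height)
        if pixel_offset + needed > len(data):
            findings.append(f"pixel data needs {needed} bytes from offset {pixel_offset}, "
                            f"but the file is only {len(data)} bytes")
    return findings


if __name__ == "__main__":
    good = build_bmp(64, 48)
    print("well-formed:", check_bmp(good))
    print("huge width:", check_bmp(with_width(good, 1_000_000)))
    print("truncated:", check_bmp(good[:100]))
```

On a real system the input would be the logo files found on the EFI System Partition or extracted from a firmware image, run through `check_bmp` one at a time and compared against the vendor-supplied originals; the constructed sample here only exercises the checks.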

Due to the wide range of affected computer models, it is crucial for users to check for security advisories from their hardware and firmware suppliers and apply the necessary security patches to mitigate the risk of exploitation.