Author

Topic: "Logo fail" security issue affects most of computers with UEFI (x86 and ARM) (Read 95 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Am I missing something or the x64, i.e. most modern computers, are not affected by this?

x86 usually also used refer to x86_64 (support both 32-bit and 64-bit) device.

And the old computers may not have UEFI.

That's true. But BIOS is less secure than UEFI.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Am I missing something or the x64, i.e. most modern computers, are not affected by this?
And the old computers may not have UEFI.

So.. am I missing something or this is actually not much of a threat to really care about?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Although interesting, it's really not that big a deal. If somebody has enough access to your machine to update or edit your BIOS or if your BIOS updates and you don't know why. You probably are already compromised in some other way. Yes another vulnerability is bad, but stressing out over this one should not be done.

Also, BIOS files usually have to be signed by the manufacturer before they will install. If you're installing an unsigned BIOS you can already kiss some of your security goodbye.

-Dave
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I am not a tech security expert, but guys, we should all be carefull and update our BIOS firmware as soon as possible. The main computer manufacturers are (probably) already working on an update.

On other hand, updating BIOS/UEFI is one way to break your device if you're not being careful or you're being unlucky where your device lose power. Although some device these days have dual BIOS to prevent that from happening.
hero member
Activity: 504
Merit: 1065
Crypto Swap Exchange
I've just learned that a security issue was discovered by Binarly. They shared their researches in the Black Hat Europe 2023.

Everyone loves to customize and personalize their own devices: from text editors to background pictures, from operating systems to keyboard shortcuts, each device is almost unique. One of the most exotic customizations, done either for personal tastes or for company branding, is personalizing the logo displayed by the BIOS during boot. But what are the security implications of parsing user-supplied (a.k.a. "attacker-controlled") logo images during boot? Aren't we jumping back straight to 2009, when Rafal Wojtczuk and Alexander Tereshkin exploited a BMP parser bug in UEFI reference code… right?!

Enter LogoFAIL, our latest research revealing significant security vulnerabilities in the image parsing libraries used by nearly all BIOS vendors to display logo images during boot. Our research highlights the risks associated with parsing complex file formats at such a delicate stage of the platform startup. During this talk, we will show how some UEFI BIOSes allow attackers to store custom logo images, which are parsed during boot, on the EFI system partition (ESP) or inside unsigned sections of a firmware update. We also shed light on the implications of these vulnerabilities, which extend beyond mere graphical rendering. In fact, successful exploitation of these vulnerabilities allows attackers to hijack the execution flow and achieve arbitrary code execution. LogoFAIL vulnerabilities can compromise the security of the entire system rendering "below-the-OS" security measures completely ineffective (e.g., Secure Boot). Finally, our talk will include a detailed explanation of how we successfully escalate privileges from OS to firmware level by exploiting a real device vulnerable to LogoFAIL.

We disclosed our findings to different device vendors (Intel, Acer, Lenovo) and to the major UEFI IBVs (AMI, Insyde, Phoenix). While we are still in the process of understanding the actual extent of LogoFAIL, we already found that hundreds of consumer- and enterprise-grade devices are possibly vulnerable to this novel attack.

If you want more details about it, there is a link to the said presentation: https://i.blackhat.com/EU-23/Presentations/EU-23-Pagani-LogoFAIL-Security-Implications-of-Image_REV2.pdf

Direct link of Binarly article:  https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/
Other articles : 1 , 2



In this case, Windows and Linux users are both concerned ; as this exploit is related to the BIOS

I am not a tech security expert, but guys, we should all be carefull and update our BIOS firmware as soon as possible. The main computer manufacturers are (probably) already working on an update.
Jump to: