• Melllvar@startrek.website
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.

    So, does disabling the boot logo prevent the attack, or would it only make the attack obvious?

  • _edge@discuss.tchncs.de
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one.

    In short, the adversary requires elevated access to replace a file on the EFI partition. In this case, you should consider the machine compromised with or without this flaw.

    You weren’t hoping that Secure Boot saves your ass, were you?

    • blindsight@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      The idea is also that a compromised system will remains compromised after all storage drives are removed.