Security News LogoFAIL bugs in UEFI code allow planting bootkits via images

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,281
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.

Because the issues are in the image parsing libraries, which vendors use to show logos during the booting routine, they have a broad impact and extend to x86 and ARM architectures.

According to researchers at firmware supply chain security platform Binarly, the branding has introduced unnecessary security risks, making it possible to execute malicious payloads by injecting image files in the EFI System Partition (ESP).

LogoFAIL discovery and impact​

Abusing image parsers for attacks on the Unified Extensible Firmware Interface (UEFI) was demonstrated in 2009 when researchers Rafal Wojtczuk and Alexander Tereshkin presented how a BMP image parser bug could be exploited to infect the BIOS for malware persistence.

Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware.

The researchers found that an attacker could store a malicious image or logo on the EFI System Partition (ESP) or in unsigned sections of a firmware update.

"When these images are parsed during boot, the vulnerability can be triggered and an attacker-controlled payload can arbitrarily be executed to hijack the execution flow and bypass security features like Secure Boot, including hardware-based Verified Boot mechanisms (like Intel Boot Guard, AMD Hardware-Validated Boot or ARM TrustZone-based Secure Boot)" - Binarly

The rest
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,671
Was going to post about this. Didn’t realize bleeping computer had it up several days ago since it was making headlines yesterday. This kind of thing just makes it feel futile to keep things secure.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top