IMPORTANT: Vulnerabilities

Alexzee

Alexzee

Well-Known Member
Joined
Jun 1, 2019
Messages
3,754
Reaction score
2,016
Credits
22,440
A very good friend of mine who taught me how to run Linux just sent me these 2 article's.

"Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack"

arstechnica.com

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
arstechnica.com arstechnica.com

Image files in UEFI can be abused to modify boot behavior

Binarly has also observed that in some cases an attacker can create a bundled firmware update that contains a corrupt or malicious image to trigger these vulnerabilities

CERT/CC Vulnerability Note VU#811862

Image files in UEFI can be abused to modify boot behavior
www.kb.cert.org www.kb.cert.org

Can this happen even with a BIOS password in place?
 


Interesting, that Dells look pretty safe.

Works for me (I have Dell).

Wiz
 
Thanks for those interesting links Alexzee. I guess a significant point made in the arstechnica article is that the exploit works by:
using the administrative control gained to replace the legitimate logo
Click to expand...
so the exploit needs root access to the machine first. So there needs to be some way of the exploiter to "get in". Only once in, can the exploit work it seems, so apparently, the machine needs to have another vulnerability enabling the exploiter to plant the exploit and for it then to be executed.
 
osprey said:
so the exploit needs root access to the machine first.
Click to expand...

Anyone with (unmonitored) physical access owns the device. Though that's less true if the device is off and encrypted, but you get the idea.

This is just another route. In fact, if (as you say) they have access, this seems like a step they don't really need to take. They already have access.

My refurbished computer is a Dell. Imagine that?!?
 
KGIII said:
Anyone with (unmonitored) physical access owns the device. Though that's less true if the device is off and encrypted, but you get the idea.

This is just another route. In fact, if (as you say) they have access, this seems like a step they don't really need to take. They already have access.
Click to expand...
Yes. I guess the "malicious" aspect is if the exploiter gains access to a user's computer which is unknown to that computer user, and then the exploiter is able to make some nefarious use of that machine that perhaps doesn't become apparent to the user for some time, if at all. That could be scary.
 
www.zdnet.com

This is how to protect your computers from LogoFAIL attacks

This obnoxious constellation of firmware attacks takes over computers. Here's which devices are vulnerable and what you can do to protect them.
www.zdnet.com www.zdnet.com

Written by Steven Vaughan-Nichols, Senior Contributing Editor Dec. 13, 2023 at 7:33 a.m. PT

Macs, smartphones, and other devices that don't use UEFI are not vulnerable. Even Intel Apple Macs, which used UEFI to boot, can't be attacked by LogoFAIL. That protection happens because Apple has hardcoded its logo image files into the UEFI and you can't replace them with a malicious duplicate.


The trick is to keep attackers from getting access to the EFI System Partition (ESP) in the first place. This hidden part of your drive is where the logo image is stored. If the attackers can't reach the ESP, they can't attack it.

Most Dell computers aren't vulnerable, either. That's because the company uses Intel Boot Guard to make it impossible to replace the images. In addition, Dell devices, generally speaking, don't allow you to change logo images.





The real fix is to upgrade your firmware. Fixes are on their way from AMI, Intel, Insyde, Phoenix, and Lenovo. They're not coming out quickly, though. As Intel states: "Bios updates will be released late Q4 2023 to early Q1 2024."
 
osprey said:
Yes. I guess the "malicious" aspect is if the exploiter gains access to a user's computer which is unknown to that computer user, and then the exploiter is able to make some nefarious use of that machine that perhaps doesn't become apparent to the user for some time, if at all. That could be scary.
Click to expand...
Scary, I agree. What is the likelyhood of getting past a BIOS password and encryption?
 
Condobloke said:
www.zdnet.com

This is how to protect your computers from LogoFAIL attacks

This obnoxious constellation of firmware attacks takes over computers. Here's which devices are vulnerable and what you can do to protect them.
www.zdnet.com www.zdnet.com

Written by Steven Vaughan-Nichols, Senior Contributing Editor Dec. 13, 2023 at 7:33 a.m. PT

Macs, smartphones, and other devices that don't use UEFI are not vulnerable. Even Intel Apple Macs, which used UEFI to boot, can't be attacked by LogoFAIL. That protection happens because Apple has hardcoded its logo image files into the UEFI and you can't replace them with a malicious duplicate.


The trick is to keep attackers from getting access to the EFI System Partition (ESP) in the first place. This hidden part of your drive is where the logo image is stored. If the attackers can't reach the ESP, they can't attack it.

Most Dell computers aren't vulnerable, either. That's because the company uses Intel Boot Guard to make it impossible to replace the images. In addition, Dell devices, generally speaking, don't allow you to change logo images.





The real fix is to upgrade your firmware. Fixes are on their way from AMI, Intel, Insyde, Phoenix, and Lenovo. They're not coming out quickly, though. As Intel states: "Bios updates will be released late Q4 2023 to early Q1 2024."
Click to expand...
I checked on a friends MSI Legacy + UEFI BIOS that I am the administrator of.
Long story short, the upgrade for that mobo is a .exe and there are only Linux systems on that box.
This is a problem IMO.
 
osprey said:
Thanks for those interesting links Alexzee. I guess a significant point made in the arstechnica article is that the exploit works by:

so the exploit needs root access to the machine first. So there needs to be some way of the exploiter to "get in". Only once in, can the exploit work it seems, so apparently, the machine needs to have another vulnerability enabling the exploiter to plant the exploit and for it then to be executed.
Click to expand...
You're welcome.
A very important topic on my priority list.
 
Can I really update my BIOS with Linux without destroying my computer? Last time I needed a BIOS update I had to install windows to run the update
 
Terminal Velocity said:
Can I really update my BIOS with Linux without destroying my computer? Last time I needed a BIOS update I had to install windows to run the update
Click to expand...
I know what you mean.
After looking for a BIOS update I only found a .exe file. which as you already know won't work with Linux systems.

If you don't have Windows installed then another option would be to setup encryption during a fresh Linux installation.
There may be other ways however; this isn't my area of expertise:-

IF you do update your BIOS be be absolutely certain that you have the exact BIOS update/upgrade for your exact mobo.
 
You can (often) use that .exe. You boot to BIOS and select update and it will read a USB with the .exe on it.

I'm unsure if MSI does this.

EDIT: In some instances I think you can also just boot to the USB and the BIOS recognizes it.
 
KGIII said:
You can (often) use that .exe. You boot to BIOS and select update and it will read a USB with the .exe on it.

I'm unsure if MSI does this.

EDIT: In some instances I think you can also just boot to the USB and the BIOS recognizes it.
Click to expand...
Update from the usb didn't worked for me at the time(HP), now I have an other computer (Lenovo) may this time works
 
Terminal Velocity said:
Can I really update my BIOS with Linux without destroying my computer? Last time I needed a BIOS update I had to install windows to run the update
Click to expand...
Is this an ASRock motherboard ?

If so, have a read of this:


I can only imagine that the approach above would also work for any motherboard manufacturer who tells you to install windows to update your bios
 
KGIII said:
You can (often) use that .exe. You boot to BIOS and select update and it will read a USB with the .exe on it.

I'm unsure if MSI does this.

EDIT: In some instances I think you can also just boot to the USB and the BIOS recognizes it.
Click to expand...
A .exe won't work with Linux right?
Sanity check--
 
Laptops also have a motherboard...it may be modified of course...but it is still a motherboard with the same requirements etc etc re bios updates
 
And yet, the bios update worked for me like a charm.

Read the approach I took via that link...

The possibility of that approach working was kindly supplied by @KGIII

My limited understanding tells me that the bios file is aimed at the motherboards bios......not at Linux
 
osprey said:
Yes. I guess the "malicious" aspect is if the exploiter gains access to a user's computer which is unknown to that computer user, and then the exploiter is able to make some nefarious use of that machine that perhaps doesn't become apparent to the user for some time, if at all. That could be scary.
Click to expand...
It happens a lot to me because I have no firewall.
 
You must log in or register to reply here.

Members online

Total: 762 (members: 4, guests: 758)

Latest posts

Top