LogoFAIL – Critical UEFI Vulnerabilities Expose Devices to Stealthy Malware Attacks
UEFI vulnerabilities pose well-known threats, enabling attackers to execute malicious code during system boot, bypass security measures, and establish persistent control.
Exploiting these flaws allows attackers to compromise the entire system, resulting in:
- Unauthorized access
- Data theft
- Compromise of the system's integrity
Cybersecurity researchers at the Binarly research team recently discovered severe UEFI vulnerabilities that expose devices to stealthy malware attacks.
The security analysts have named this set of security flaws "LogoFAIL."
Technical Analysis
LogoFAIL is a set of newly found security flaws in the image parsing libraries used by system firmware during device boot.
The impact of these flaws spans multiple vendors and ecosystems, severely affecting IBV (Independent BIOS Vendor) reference code. LogoFAIL affects both x86 and ARM devices, targeting UEFI and IBV code through vulnerable image parsers.
LogoFAIL, first discovered on Lenovo devices, with the reported vulnerabilities tracked under advisory BRLY-2023-006, started as a small research project.
It turned into an industry-wide disclosure, uncovering attack surfaces in image-parsing firmware components through fuzzing and static analysis with the efiXplorer plugin for IDA.
After the initial fuzzing, the many crashes were triaged automatically with Binarly's internal program analysis framework.
Additional vulnerabilities in the Insyde code were discovered and reported under advisory BRLY-2022-018.
Vulnerabilities in logo parsing allow attackers to store malicious images in the EFI System Partition (ESP) or in unsigned firmware sections.
Exploiting these during boot allows:
- Arbitrary code execution
- Bypassing Secure Boot
- Bypassing hardware-based Verified Boot mechanisms
This vector enables a stealthy, persistent firmware bootkit that bypasses endpoint security solutions.
LogoFAIL compromises system security by bypassing Secure Boot and Intel Boot Guard, giving attackers deep control over the platform.
Exploiting the ESP presents a new data-only exploitation approach through logo image modification, changing the perspective on ESP attack surfaces.
Unlike BlackLotus or BootHole, LogoFAIL avoids modifying bootloaders or firmware, leaving runtime integrity intact.
Exploitation with a modified boot logo triggers payload delivery after the security measurements have been taken, allowing compromised signed UEFI components to break Secure Boot without detection.
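The root cause the article describes is firmware image parsers trusting header fields of a logo file that an attacker can replace on the ESP. As an added illustration (this is not code from Binarly, Insyde, AMI, Phoenix or any other vendor), the validator below checks a BMP boot logo's header before any pixel data is used, treating the declared file size, dimensions, depth and pixel-array offset as untrusted input. It assumes the classic 14-byte file header plus 40-byte BITMAPINFOHEADER layout; `validate_bmp_logo`, `build_bmp`, the `logo_status` values and the constructed 2x2 sample image are all inventions of this example, and the width/height ceilings are caller-supplied policy, not values from any real firmware.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result of validating a boot-logo BMP before any pixel data is touched (names invented here). */
enum logo_status {
    LOGO_OK = 0,
    LOGO_TOO_SHORT,            /* buffer smaller than the 54-byte BMP header */
    LOGO_BAD_MAGIC,            /* no "BM" signature */
    LOGO_BAD_SIZE,             /* declared file size disagrees with bytes actually read */
    LOGO_BAD_DIMS,             /* zero, negative or oversized width/height, or unsupported depth */
    LOGO_PIXELS_OUT_OF_BOUNDS  /* pixel array would extend past the end of the buffer */
};

#define BMP_HEADER_LEN 54u

/* Little-endian field helpers: BMP headers are unaligned, so never cast to uint32_t*. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Validate every header field that later drives allocation or copying of pixel data. */
enum logo_status validate_bmp_logo(const uint8_t *buf, size_t len, uint32_t max_w, uint32_t max_h)
{
    if (len < BMP_HEADER_LEN) return LOGO_TOO_SHORT;
    if (buf[0] != 'B' || buf[1] != 'M') return LOGO_BAD_MAGIC;

    uint32_t file_size = rd32(buf + 2);
    uint32_t pixel_off = rd32(buf + 10);
    uint32_t info_size = rd32(buf + 14);
    int32_t  width     = (int32_t)rd32(buf + 18);
    int32_t  height    = (int32_t)rd32(buf + 22);
    uint16_t bpp       = rd16(buf + 28);

    /* The size field comes from the file; only the byte count we actually read is trustworthy. */
    if (file_size != len) return LOGO_BAD_SIZE;
    if (info_size < 40) return LOGO_BAD_DIMS;

    /* Negative height is legal BMP (top-down rows); negative or zero width never is. */
    if (width <= 0 || height == 0) return LOGO_BAD_DIMS;
    uint32_t abs_h = height < 0 ? (uint32_t)(-(int64_t)height) : (uint32_t)height;
    if ((uint32_t)width > max_w || abs_h > max_h) return LOGO_BAD_DIMS;
    if (bpp != 24 && bpp != 32) return LOGO_BAD_DIMS;

    /* Row stride and pixel-array size computed in 64-bit so width * bpp * height cannot wrap. */
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;
    uint64_t pixels = stride * abs_h;
    if (pixel_off < BMP_HEADER_LEN || pixel_off > len) return LOGO_PIXELS_OUT_OF_BOUNDS;
    if (pixels > (uint64_t)(len - pixel_off)) return LOGO_PIXELS_OUT_OF_BOUNDS;
    return LOGO_OK;
}

/* Build a small, well-formed 24-bpp BMP with zeroed pixels (constructed sample for testing). */
size_t build_bmp(uint8_t *out, size_t cap, int32_t width, int32_t height)
{
    if (width <= 0 || height <= 0) return 0;
    uint32_t stride = (((uint32_t)width * 24u + 31u) / 32u) * 4u;
    size_t total = BMP_HEADER_LEN + (size_t)stride * (size_t)height;
    if (total > cap) return 0;
    memset(out, 0, total);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, (uint32_t)total);   /* bfSize */
    wr32(out + 10, BMP_HEADER_LEN);   /* bfOffBits */
    wr32(out + 14, 40);               /* biSize */
    wr32(out + 18, (uint32_t)width);
    wr32(out + 22, (uint32_t)height);
    wr16(out + 26, 1);                /* biPlanes */
    wr16(out + 28, 24);               /* biBitCount */
    return total;
}

int main(void)
{
    uint8_t buf[256];
    size_t n = build_bmp(buf, sizeof buf, 2, 2);
    printf("clean logo: %d\n", validate_bmp_logo(buf, n, 4096, 4096));
    wr32(buf + 18, 0x40000000u);      /* tamper: absurd width, rest of the header intact */
    printf("oversized width: %d\n", validate_bmp_logo(buf, n, 4096, 4096));
    return 0;
}
```

The point of the ordering is that nothing derived from the header (stride, pixel count, offset) is used for a memory operation until it has been reconciled with the length of the buffer that was actually read; a logo that fails any check is simply not drawn, which is the safe failure for a boot splash.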
Hundreds of devices from Intel, Acer, Lenovo, and others are potentially at risk from LogoFAIL, which affects major IBVs such as:
- AMI
- Insyde
- Phoenix
Regardless of hardware type (x86 or ARM), the impact extends to nearly all devices powered by these vendors. These widespread security vulnerabilities show challenges in product security maturity and code quality in the IBVs' reference code, calling for a more proactive and comprehensive approach.
Source credit: cybersecuritynews.com