home.social

#logofail — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #logofail, aggregated by home.social.

  1. Einige Erläuterungen zu #Bootkitty von Binarly. Ganz interessant. Ich hatte mir damals #LogoFAIL nicht angesehen. Ist schon bisschen peinlich, wenn in einem Bilddekoder die Längenprüfung fehlt.

    #BIOS #UEFI #Linux #Infosec
    binarly.io/blog/logofail-explo

  2. Einige Erläuterungen zu #Bootkitty von Binarly. Ganz interessant. Ich hatte mir damals #LogoFAIL nicht angesehen. Ist schon bisschen peinlich, wenn in einem Bilddekoder die Längenprüfung fehlt.

    #BIOS #UEFI #Linux #Infosec
    binarly.io/blog/logofail-explo

  3. Einige Erläuterungen zu #Bootkitty von Binarly. Ganz interessant. Ich hatte mir damals #LogoFAIL nicht angesehen. Ist schon bisschen peinlich, wenn in einem Bilddekoder die Längenprüfung fehlt.

    #BIOS #UEFI #Linux #Infosec
    binarly.io/blog/logofail-explo

  4. Einige Erläuterungen zu #Bootkitty von Binarly. Ganz interessant. Ich hatte mir damals #LogoFAIL nicht angesehen. Ist schon bisschen peinlich, wenn in einem Bilddekoder die Längenprüfung fehlt.

    #BIOS #UEFI #Linux #Infosec
    binarly.io/blog/logofail-explo

  5. Einige Erläuterungen zu #Bootkitty von Binarly. Ganz interessant. Ich hatte mir damals #LogoFAIL nicht angesehen. Ist schon bisschen peinlich, wenn in einem Bilddekoder die Längenprüfung fehlt.

    #BIOS #UEFI #Linux #Infosec
    binarly.io/blog/logofail-explo

  6. Die #LogoFAIL-Schwachstelle öffnete zahlreiche Systeme für die Einschleusung von Bootkits. Endlich kommen nun auch Patches für #AMD-Mainboards bei den Nutzern an. winfuture.de/news,142162.html?

  7. Hey, when are you going to release a patch for the vulnerability for all your active motherboards?

    I see you've released a patch for several ROG X670 models, but no fix for the ROG X570 models (one of which I've had for less than three years). You're not going to leave us hanging, are you?

  8. Are you interested in #firmware? 👩‍💻
    Want to know about #UEFI and #security?
    Have you heard of the #LogoFAIL vulnerability?

    Come visit us at the #37C3 Open Source Firmware Foundation (OSFF) assembly! 🥳🏳️‍🌈

    events.ccc.de/congress/2023/hu

  9. @frameworkcomputer are Framework laptops affected by #LogoFAIL? If so, how to patch it?

    No updates are available for me with fwupd, and can't find any firmware updates on your website

  10. I wish I could say "not affected by #LogoFAIL" but only two of my computers in my collection run Coreboot. One really old T400 and the openSUSE-converted C13 Yoga Chromebook. Perhaps more vendors should take security seriously.
    #coreboot #linux

  11. C'est absolument génial, l'attaque #LogoFail. Comme bien des ordinateurs affichent un logo au démarrage, et que ce logo n'est pas en dur dans le code mais chargé depuis un fichier, l'analyseur du fichier est critique (cf. la faille récente sur WebP). Or, plein de BIOS ont un analyseur bogué, qui tourne avant le système d'exploitation, donc en open bar complet, et qui peut être trompé par une image malveillante.
    blackhat.com/eu-23/briefings/s

  12. "During the boot process, vulnerable firmware will load the malicious logo from the ESP and parse it with a vulnerable image parser, thus the attacker can hijack the execution flow by exploiting a vulnerability in the parser itself. By exploiting this threat, the attacker can achieve arbitrary code execution during the DXE phase, which means complete game-over for platform security."

    #LangSec #LogoFail

    arstechnica.com/security/2023/

  13. Security Week 2350: подробности атаки LogoFAIL

    Об этой работе компании Binarly мы уже упоминали на прошлой неделе: исследователи нашли нетривиальный и довольно опасный способ атаки на ПК путем подмены логотипа, сохраняемого в UEFI — прошивке, ответственной за первоначальную загрузку компьютера. Ранее была известна только общая идея атаки, а на прошлой неделе было опубликовано полноценное исследование ( исходник , а также краткое описание в издании ArsTechnica). Если выражаться привычными в данной ситуации определениями, специалисты компании Binarly «обнаружили двадцать четыре уязвимости в парсерах изображений, использованных всеми тремя ключевыми поставщиками прошивок UEFI». В наиболее печальном сценарии можно использовать стандартные инструменты, предоставляемые сборщикам ПК и ноутбуков компаниями Phoenix, AMI и Insyde для загрузки в прошивку UEFI вредоносного изображения. Демонстрация этого подменного логотипа при следующем включении ПК приведет к выполнению произвольного кода, причем отследить такой «буткит» на уровне операционной системы будет максимально проблематично.

    habr.com/ru/companies/kaspersk

    #logofail

  14. Wrote a tutorial for building your own platform BIOS and fuzzing the BMP boot logo image decoder using TSFFS so you can learn how to hunt for #LogoFAIL -like bugs yourself!

    Check out the full tutorial or if you want to jump straight to code because you're impatient you can do that too.

  15. It looks like Dell machines are not vulnerable to because their AMI Bios doesn't open that attack surface by allowing an enduser to modify a boot logo like Lenovo and Acer do. They still have an image parser which is vulnerable so firmware will need updated eventually.

    binarly.io/posts/finding_logof

  16. They had me at "Logo is stored in an unsigned part of the firmware update file". What a great idea when your image parsers are never updated. i.blackhat.com/EU-23/Presentat #logofail #infosec #uefi

  17. The #LogoFail #UEFI #exploit is a perfect example of how capitalism fucks everything up. So many people worked so hard on securing UEFI against #bootkits but having a goddamn image load was necessary for capitalist "intellectual property" to be enforced, thus opening this vulnerability for literally every Windows and Linux system with a hardware manufacturer logo loading in boot, which is most of them. arstechnica.com/security/2023/

    This isn't a security fail, it's a #capitalism fail, because the social/legal regime of #intellectualproperty is actually unnecessary and oppressive, and in this case prevented people from designing secure systems.

  18. "🚨 UEFI Under Threat: The LogoFAIL Vulnerability 🚨"

    A recent security report has brought attention to LogoFAIL, a collection of vulnerabilities that pose a substantial risk to devices utilizing UEFI firmware. These vulnerabilities enable attackers to install UEFI bootkits by leveraging weaknesses in the image-parsing components utilized by various vendors in their firmware. LogoFAIL's impact is widespread, affecting a broad range of devices across x86 and ARM architectures, including products from prominent manufacturers such as Intel, Acer, and Lenovo.

    Researchers at Binarly have uncovered that malicious payloads can be executed by injecting image files into the EFI System Partition (ESP), effectively evading security features like Secure Boot. This method of attack ensures the persistence of malware on the system, rendering it virtually undetected. LogoFAIL's full scope of impact is still being assessed, but it is already evident that it poses a significant threat to both consumer and enterprise-grade devices, as it bypasses security mechanisms designed to protect UEFI systems.

    Source: BlackHat talk and Bill Toulas, BleepingComputer

    MITRE ATT&CK Reference for UEFI Vulnerabilities: T1588.006

    Tags: #CyberSecurity #UEFI #Vulnerability #LogoFAIL #Bootkit #SecureBoot #FirmwareSecurity #Binarly #DeviceSecurity 🚨💻🔒