LogoFAIL or how a simple virus is almost impossible to detect – Le Journal de Montréal

The UEFI firmware that boots Windows and Linux devices can be hijacked using simple malicious logo images.

Before we begin, some definitions.

What is UEFI? Released in 2006, UEFI is an improvement to the BIOS of Windows systems. UEFI stands for Unified Extensible Firmware Interface. Stored on a chip on the motherboard, its main task is to overcome the limitations of the BIOS (basic input/output system) to create a new, more efficient system in response to the new performance of computers.

For the uninitiated, BIOS is a command program in a computer that checks each of the basic components when booting to adapt the operating system to its hardware environment.

LogoFAIL or how a simple virus is almost impossible to detect

An attack that is difficult to stop

Hundreds of Windows and Linux computer models from virtually every hardware manufacturer are vulnerable to a new attack that executes malicious firmware early in the boot sequence, enabling infections that are virtually impossible to detect or eliminate with current defenses.

LogoFAIL: Remote control

The attack, dubbed LogoFAIL, is notable for its relative ease of execution, the range of consumer and professional models affected, and the high level of control it enables.

In many cases, LogoFAIL can be executed remotely in post-exploitation situations using techniques that cannot be detected by traditional security products.

LogoFAIL or how a simple virus is almost impossible to detect

Example of a corrupt BIOS

And because the contaminations occur in the early stages of a computer’s boot process, they can bypass a variety of defenses, including industry-leading Secure Boot, Intel Secure Boot, and similar protections. Other companies aim to prevent bootkit infections – or malware attacking boot firmware.

To protect your system: Install UEFI security updates

A handful of new UEFI bootkits have been discovered in recent years. In response to these threats, device manufacturers have begun taking measures to better lock down the UEFI boot process.

The best way to prevent LogoFAIL attacks is to install UEFI security updates. These patches are distributed by the manufacturer of the device or the motherboard installed in the device. It is also advisable to configure UEFI to use multiple layers of defense whenever possible. In addition to Secure Boot, these are Intel Boot Guard and, if available, Intel BIOS Guard. Similar additional defenses are available for devices with AMD or ARM processors.


Posted

in

by