logoFAIL vulnerability


tgw

For the past weeks, the internet has been awash with warnings about that UEFI / BIOS vulnerability, urging everyone to look for mobo manufacturers' firmware patches and update their mobo firmware.

 

Hackers can exploit that vulnerability if they replace the logo image file within the BIOS firmware. And that code has to somehow get there in the first place.

 

In other words, the hacker needs to find a way into a target system by other means – such as an unpatched security flaw – and gain elevated privileges, or via a physical attack vector by using a BIOS flash program to inject the malicious image.

 

This could be a real threat to organizations where people have physical access to machines.

 

For home users, the threat should be very limited if their software is up-to-date, but anyone who is potentially a target should be aware of the vulnerability.

 

And doubly aware:

 

1- it's still possible to be targeted by hackers using zero-day exploits that will enable the attack vector

 

2- rushing to manufacturers' websites to download firmware updates could potentially lead to disaster if the manufacturer's website has been spoofed, or if a man-in-the-middle attack delivers the wrong file to the downloader.

 

In case #2, it would mean that making the target aware of the threat, if the target then takes the expected action, would also enable the attack. Very elegant.

 

 
