IMPORTANT: Vulnerabilities

Alexzee

A very good friend of mine who taught me how to run Linux just sent me these 2 articles.

"Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack"


Image files in UEFI can be abused to modify boot behavior

Binarly has also observed that in some cases an attacker can create a bundled firmware update that contains a corrupt or malicious image to trigger these vulnerabilities


Can this happen even with a BIOS password in place?
 


Interesting, that Dells look pretty safe.

Works for me (I have Dell).

Wiz
 
Thanks for those interesting links Alexzee. I guess a significant point made in the arstechnica article is that the exploit works by:
using the administrative control gained to replace the legitimate logo
so the exploit needs root access to the machine first. So there needs to be some way for the exploiter to "get in". Only once in can the exploit work, it seems, so apparently the machine needs to have another vulnerability enabling the exploiter to plant the exploit and for it then to be executed.
 
so the exploit needs root access to the machine first.

Anyone with (unmonitored) physical access owns the device. Though that's less true if the device is off and encrypted, but you get the idea.

This is just another route. In fact, if (as you say) they have access, this seems like a step they don't really need to take. They already have access.

My refurbished computer is a Dell. Imagine that?!?
 
Anyone with (unmonitored) physical access owns the device. Though that's less true if the device is off and encrypted, but you get the idea.

This is just another route. In fact, if (as you say) they have access, this seems like a step they don't really need to take. They already have access.
Yes. I guess the "malicious" aspect is if the exploiter gains access to a user's computer which is unknown to that computer user, and then the exploiter is able to make some nefarious use of that machine that perhaps doesn't become apparent to the user for some time, if at all. That could be scary.
 

Written by Steven Vaughan-Nichols, Senior Contributing Editor Dec. 13, 2023 at 7:33 a.m. PT

Macs, smartphones, and other devices that don't use UEFI are not vulnerable. Even Intel Apple Macs, which used UEFI to boot, can't be attacked by LogoFAIL. That protection happens because Apple has hardcoded its logo image files into the UEFI and you can't replace them with a malicious duplicate.


The trick is to keep attackers from getting access to the EFI System Partition (ESP) in the first place. This hidden part of your drive is where the logo image is stored. If the attackers can't reach the ESP, they can't attack it.

Most Dell computers aren't vulnerable, either. That's because the company uses Intel Boot Guard to make it impossible to replace the images. In addition, Dell devices, generally speaking, don't allow you to change logo images.
The real fix is to upgrade your firmware. Fixes are on their way from AMI, Intel, Insyde, Phoenix, and Lenovo. They're not coming out quickly, though. As Intel states: "Bios updates will be released late Q4 2023 to early Q1 2024."
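The excerpt above puts the defence on keeping attackers away from the EFI System Partition. As an added example (not code from the thread, the article or any vendor), the POSIX shell function below reads /proc/mounts-style lines and reports whether each mounted ESP is limited to root (mounted with umask=0077, or matching fmask/dmask) or read-only, which is what a stock Debian or Ubuntu fstab does for /boot/efi. The mount points it recognises and the option values it treats as restrictive are assumptions; the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit how the EFI System Partition (ESP)
# is mounted. The ESP holds the boot loader and, on affected firmware, the
# logo images the article is about, so an ESP that any local user can write
# to widens the attack surface. Mount points checked: /boot/efi, /efi, /boot.

# esp_audit: read /proc/mounts-style lines on stdin, print one finding per
# mounted ESP, return 0 when every ESP mount is restrictive, 1 otherwise.
# Constructed input line that would be reported RESTRICTIVE:
#   /dev/nvme0n1p1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077 0 0
# Constructed input line that would be reported PERMISSIVE (no umask at all):
#   /dev/sda1 /boot/efi vfat rw,relatime 0 0
esp_audit() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        case "$mnt" in
            /boot/efi|/efi|/boot) ;;      # common ESP mount points (assumption)
            *) continue ;;
        esac
        [ "$fstype" = "vfat" ] || continue   # the ESP is always a FAT filesystem
        status="RESTRICTIVE"
        case ",$opts," in
            *,ro,*) ;;                                   # read-only: cannot be modified from the OS
            *,umask=0077,*|*,umask=077,*) ;;             # files and dirs visible to root only
            *,fmask=0077,*dmask=0077,*|*,dmask=0077,*fmask=0077,*) ;;
            *) status="PERMISSIVE"; rc=1 ;;              # default vfat mount: mode 0777 for all users
        esac
        printf '%s %s %s (%s)\n' "$status" "$mnt" "$dev" "$opts"
    done
    return $rc
}

# When run directly, audit the live system (skipped if /proc/mounts is absent).
if [ -r /proc/mounts ]; then
    esp_audit < /proc/mounts || echo "WARNING: at least one ESP is mounted permissively" >&2
fi
```

This only answers the narrower question of whether an unprivileged local account could drop files onto the ESP. It does nothing against someone who already holds root or has physical access, which is the case Wiz and KGIII describe; for that the remedies are the vendor firmware update and, where the platform has it, Boot Guard.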
 
Yes. I guess the "malicious" aspect is if the exploiter gains access to a user's computer which is unknown to that computer user, and then the exploiter is able to make some nefarious use of that machine that perhaps doesn't become apparent to the user for some time, if at all. That could be scary.
Scary, I agree. What is the likelihood of getting past a BIOS password and encryption?
 

Written by Steven Vaughan-Nichols, Senior Contributing Editor Dec. 13, 2023 at 7:33 a.m. PT

Macs, smartphones, and other devices that don't use UEFI are not vulnerable. Even Intel Apple Macs, which used UEFI to boot, can't be attacked by LogoFAIL. That protection happens because Apple has hardcoded its logo image files into the UEFI and you can't replace them with a malicious duplicate.


The trick is to keep attackers from getting access to the EFI System Partition (ESP) in the first place. This hidden part of your drive is where the logo image is stored. If the attackers can't reach the ESP, they can't attack it.

Most Dell computers aren't vulnerable, either. That's because the company uses Intel Boot Guard to make it impossible to replace the images. In addition, Dell devices, generally speaking, don't allow you to change logo images.
The real fix is to upgrade your firmware. Fixes are on their way from AMI, Intel, Insyde, Phoenix, and Lenovo. They're not coming out quickly, though. As Intel states: "Bios updates will be released late Q4 2023 to early Q1 2024."
I checked on a friend's MSI Legacy + UEFI BIOS that I am the administrator of.
Long story short, the upgrade for that mobo is a .exe and there are only Linux systems on that box.
This is a problem IMO.
 
Thanks for those interesting links Alexzee. I guess a significant point made in the arstechnica article is that the exploit works by:

so the exploit needs root access to the machine first. So there needs to be some way for the exploiter to "get in". Only once in can the exploit work, it seems, so apparently the machine needs to have another vulnerability enabling the exploiter to plant the exploit and for it then to be executed.
You're welcome.
A very important topic on my priority list.
 
Can I really update my BIOS with Linux without destroying my computer? Last time I needed a BIOS update I had to install windows to run the update
 
Can I really update my BIOS with Linux without destroying my computer? Last time I needed a BIOS update I had to install windows to run the update
I know what you mean.
After looking for a BIOS update I only found a .exe file, which as you already know won't work with Linux systems.

If you don't have Windows installed then another option would be to setup encryption during a fresh Linux installation.
There may be other ways, however; this isn't my area of expertise.

IF you do update your BIOS, be absolutely certain that you have the exact BIOS update/upgrade for your exact mobo.
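The advice just above, to make sure the update really is for your exact board, can be checked from Linux before anything is flashed, because the kernel exposes the board identity under /sys/class/dmi/id. The shell script below is an added example and not something from the thread or from any board vendor: it compares the DMI vendor and board name with the board the download claims to target, then compares the file's SHA-256 with the checksum the vendor publishes. The vendor and board strings and the checksum in the comments are constructed placeholders; the dmi-dir argument exists only so the functions can be exercised against a test directory.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check a BIOS image before copying
# it to a USB stick for the firmware's own update menu. Two checks:
#   1. the board this machine reports via DMI is the board the update is for;
#   2. the file's SHA-256 matches the checksum published on the vendor page.
# Vendor/board names and checksums below are constructed placeholders.

# lower: fold a string to lower case so "EXAMPLE-X99" and "example-x99" compare equal.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# board_identity: print "vendor|board|bios_version" from DMI sysfs entries.
# Argument: directory holding board_vendor, board_name, bios_version
# (defaults to /sys/class/dmi/id, the real kernel path).
board_identity() {
    d=${1:-/sys/class/dmi/id}
    vendor=$(cat "$d/board_vendor" 2>/dev/null)
    board=$(cat "$d/board_name" 2>/dev/null)
    bios=$(cat "$d/bios_version" 2>/dev/null)
    printf '%s|%s|%s\n' "$vendor" "$board" "$bios"
}

# firmware_check: return 0 only if the DMI board matches the target board
# (case-insensitive) AND the file's SHA-256 equals the published one.
# Args: <dmi-dir> <expected-vendor> <expected-board> <file> <expected-sha256>
firmware_check() {
    dmi_dir=$1; want_vendor=$2; want_board=$3; file=$4; want_sha=$5
    id=$(board_identity "$dmi_dir")
    have_vendor=${id%%|*}
    rest=${id#*|}
    have_board=${rest%%|*}
    if [ "$(lower "$have_vendor")" != "$(lower "$want_vendor")" ] ||
       [ "$(lower "$have_board")" != "$(lower "$want_board")" ]; then
        echo "MISMATCH: this board is '$have_vendor $have_board', update is for '$want_vendor $want_board'" >&2
        return 1
    fi
    have_sha=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$have_sha" != "$want_sha" ]; then
        echo "MISMATCH: checksum $have_sha does not match published $want_sha" >&2
        return 1
    fi
    echo "OK: $file is the published image for $have_vendor $have_board"
}

# When run directly on a Linux box, show what this machine reports itself as.
# Usage for a real check (placeholders, not real values):
#   firmware_check /sys/class/dmi/id "Example Vendor Inc." "EXAMPLE-X99" ./update.bin <sha256 from vendor page>
if [ -d /sys/class/dmi/id ]; then
    board_identity
fi
```

The checksum comparison only tells you the file is the one the vendor published, not that the vendor's image is free of the LogoFAIL bug; that still depends on the vendor having shipped a fixed version, as the Intel timeline quoted earlier says.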
 
You can (often) use that .exe. You boot to BIOS and select update and it will read a USB with the .exe on it.

I'm unsure if MSI does this.

EDIT: In some instances I think you can also just boot to the USB and the BIOS recognizes it.
 
You can (often) use that .exe. You boot to BIOS and select update and it will read a USB with the .exe on it.

I'm unsure if MSI does this.

EDIT: In some instances I think you can also just boot to the USB and the BIOS recognizes it.
Update from the USB didn't work for me at the time (HP); now I have another computer (Lenovo), maybe this time it works.
 
Can I really update my BIOS with Linux without destroying my computer? Last time I needed a BIOS update I had to install windows to run the update
Is this an ASRock motherboard?

If so, have a read of this:


I can only imagine that the approach above would also work for any motherboard manufacturer who tells you to install windows to update your bios
 
You can (often) use that .exe. You boot to BIOS and select update and it will read a USB with the .exe on it.

I'm unsure if MSI does this.

EDIT: In some instances I think you can also just boot to the USB and the BIOS recognizes it.
A .exe won't work with Linux right?
Sanity check--
 
Laptops also have a motherboard...it may be modified of course...but it is still a motherboard with the same requirements etc etc re bios updates
 
And yet, the bios update worked for me like a charm.

Read the approach I took via that link...

The possibility of that approach working was kindly supplied by @KGIII

My limited understanding tells me that the BIOS file is aimed at the motherboard's BIOS......not at Linux
 
Yes. I guess the "malicious" aspect is if the exploiter gains access to a user's computer which is unknown to that computer user, and then the exploiter is able to make some nefarious use of that machine that perhaps doesn't become apparent to the user for some time, if at all. That could be scary.
It happens a lot to me because I have no firewall.
 