LinuxQuestions.org


jailbait 12-06-2023 12:12 PM

UEFIs booting Windows and Linux devices can be hacked
 
There is a new security threat against every computer that uses UEFI.

https://arstechnica.com/security/202...rmware-attack/

Can the threat be avoided by switching to legacy BIOS?

TB0ne 12-06-2023 02:05 PM

Quote:

Originally Posted by jailbait (Post 6468797)
There is a new security threat against every computer that uses UEFI.

https://arstechnica.com/security/202...rmware-attack/

Can the threat be avoided by switching to legacy BIOS?

The security threat that's a proof of concept, developed by researchers??? Probably not, since the article specifically outlines how it works. And that the vulnerable systems have already been identified and patches are rolling out to counter it. From the article itself:
Quote:

Originally Posted by Article
The affected parties are releasing advisories that disclose which of their products are vulnerable and where to obtain security patches.

Lots of proof-of-concept attacks are out there...hardly any ever make it 'into the wild', because they're just too clunky to deploy, as this one is. Because in order for this to work, you'd have to update your existing BIOS with one that has the exploit in it.

So yes...if you're going to download an update to your system from some sketchy third party without verification and shove it on your system, it could work.

smallpond 12-06-2023 02:21 PM

Need to start pushing vendors to use open source firmware. https://www.coreboot.org/users.html

wpeckham 12-06-2023 02:43 PM

Quote:

Originally Posted by smallpond (Post 6468821)
Need to start pushing vendors to use open source firmware. https://www.coreboot.org/users.html

Most users never install firmware updates anyway (though they really should), but that would be a good start. Making them load as a boot option (à la Dell laptops) would also help and would make them OS agnostic.

rkelsen 12-06-2023 05:29 PM

Quote:

Originally Posted by TB0ne (Post 6468819)
The security threat that's a proof of concept, developed by researchers???

Exactly.

From the article: "There are several ways to exploit LogoFAIL. Remote attacks work by first exploiting an unpatched vulnerability in a browser, media player, or other app and using the administrative control gained to replace the legitimate logo image processed early in the boot process with an identical-looking one that exploits a parser flaw. The other way is to gain brief access to a vulnerable device while it’s unlocked and replace the legitimate image file with a malicious one."

Breaking that down:
1. It requires administrator level access to your machine.
2. To obtain administrator level access to your machine, it needs: "an unpatched vulnerability in a browser, media player, or other app."

Those are high bars to jump over, particularly in this day & age.

Under Linux, you can prevent this by not using the root account for day-to-day tasks. On Windows, you can achieve a similar result by setting up a 'standard user' account for yourself... but almost nobody does that.

There are other reasons to not be worried about this, too, but I don't have time to write them all out because I've got work to do.

jayjwa 12-07-2023 11:16 AM

If I'm reading this correctly, an attacker needs read/write access to the ESP, something only root has. Then, you have to download and install a compromised image (as in picture), and hope a vulnerable EFI loader parses it to launch the attack. In short, you have to do a part firmware update, assuming you even had a logo to begin with, for a compromised logo to be installed.

Looks like someone at Binarly wanted to justify almost a year's worth of work and Arstechnica ran with this hair-on-fire story. :rolleyes:

Ser Olmy 12-07-2023 12:54 PM

The story here is that the image processing code in numerous UEFI BIOSes contains vulnerabilities that can only be characterised as ridiculous.

I have a really hard time believing that the programmers of these supposedly secure systems just had no idea that you have to properly validate input data in order to prevent vulnerabilities of this kind. Either an awful lot of programmers at an awful lot of billion-dollar companies are completely incompetent, or this is (or rather, was) intended as a backdoor.

boughtonp 12-07-2023 01:55 PM


 
Profitability doesn't require competence, and there are only three BIOS vendors involved.

Not that I'd rule out a deliberate backdoor, but it really doesn't surprise me.

In addition to simply being the work of an average incompetent developer, I can easily imagine "display an image" being a task given to an intern who has yet to learn anything meaningful about security, and it could also be "here's a quick and dirty version to start with, we'll replace it before launch" that, once an arbitrary deadline approaches, a non-developer project manager declares as good enough.


SunnyJim 12-21-2023 03:23 PM

One must also consider other known exploits that are built in, like Intel vPro Active Management Technology or AMD PSP, that are touted as a "feature" you should want: built-in back doors in your hardware, along with the telemetry-riddled, buggy MS Windows variants. Also, Linus Torvalds was approached by intelligence operatives and asked to put backdoors into his kernel, and refused. Here you have a group of people (the intelligence community) that don't want to work too hard to do their jobs and end up making things less secure in the end, while positing that they are "just trying to protect you". From whom? Them? When these guys keep getting caught doing things nobody else would get away with, I start questioning the narrative.

Yeah, I did a search on this LogoFAIL exploit and found this thread, so I at least know the Linux community is looking at it, so that much is good. What do we have to do anyway, make our own hardware along with our software like Apple so we can have more secure computers?

wpeckham 12-22-2023 12:01 PM

Quote:

Originally Posted by boughtonp (Post 6469064)
Profitability doesn't require competence, and there are only three BIOS vendors involved.

Not that I'd rule out a deliberate backdoor, but it really doesn't surprise me.

In addition to simply being the work of an average incompetent developer, I can easily imagine "display an image" being a task given to an intern who has yet to learn anything meaningful about security, and it could also be "here's a quick and dirty version to start with, we'll replace it before launch" that, once an arbitrary deadline approaches, a non-developer project manager declares as good enough.


Which argues for the use of the FOSS BIOS alternatives. (See articles on coreboot, libreboot, osboot, heads for examples.)

SunnyJim 12-22-2023 10:25 PM

Do you seriously think these guys are going to want to give up their free lunch? And if they did, or we were able to wrest control of our hardware platforms from their lazy fingers, how long could we retain it anyway? Here is hoping (and I mean it) it will happen soon. Or maybe perhaps patch the vulnerable logo boot image with a vetted and safe one (or maybe a picture of your cat, I don't know); this might help. I for one don't even display a corporate logo, and that's good enough for me. Perhaps a Slackware logo would be nice; then at least we might be sure it's safe by doing some sort of security check on it at boot up as well.

wpeckham 12-23-2023 12:58 PM

Quote:

Originally Posted by SunnyJim (Post 6472175)
Do you seriously think these guys are going to want to give up their free lunch? And if they did, or we were able to wrest control of our hardware platforms from their lazy fingers, how long could we retain it anyway? Here is hoping (and I mean it) it will happen soon. Or maybe perhaps patch the vulnerable logo boot image with a vetted and safe one (or maybe a picture of your cat, I don't know); this might help. I for one don't even display a corporate logo, and that's good enough for me. Perhaps a Slackware logo would be nice; then at least we might be sure it's safe by doing some sort of security check on it at boot up as well.

NOT the worst reason to use Open Source hardware and CPU with FOSS Firmware booting!

SunnyJim 12-23-2023 05:42 PM

As I said: "Perhaps a Slackware logo would be nice; then at least we might be sure it's safe by doing some sort of security check on it at boot up as well."
So the question remains: how do we do it? Or is this a question for the open-source firmware people?
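Ser Olmy's point about validating input data and SunnyJim's question of how to "do some sort of security check" on the logo at boot can both be shown with a small defender-side check. This is an added example, not code from this thread, from Binarly, or from any firmware vendor: it re-validates a BMP boot logo the way a careful firmware parser would (every offset and size in the header is checked against the real file length) and compares the file against a SHA-256 baseline recorded while the machine was known-good. The logo path is an assumption (a file on the ESP, as jayjwa describes); where the logo actually lives is vendor-specific.

```python
import hashlib
import struct

MAX_DIMENSION = 8192   # policy limit for a boot logo; larger claims are rejected outright

def validate_bmp_header(data: bytes) -> list[str]:
    """Return the header inconsistencies found (empty list = sane). Every field a
    parser would use to index memory is checked against the real file length."""
    if len(data) < 54 or data[:2] != b"BM":
        return ["not a BMP file or header truncated"]
    problems = []
    _, file_size, _, _, pixel_off = struct.unpack_from("<2sIHHI", data, 0)
    hdr_size, width, height, planes, bpp, comp, _, _, _, clr_used, _ = \
        struct.unpack_from("<IiiHHIIiiII", data, 14)
    if file_size != len(data):
        problems.append(f"file size field {file_size} != actual {len(data)}")
    if hdr_size not in (40, 108, 124):     # BITMAPINFOHEADER and its V4/V5 variants
        problems.append(f"unexpected info header size {hdr_size}")
    if planes != 1 or bpp not in (1, 4, 8, 16, 24, 32):
        problems.append(f"bad planes/bpp {planes}/{bpp}")
    if comp != 0:
        problems.append(f"compressed pixel data (type {comp}) rejected by policy")
    if not (0 < width <= MAX_DIMENSION and 0 < abs(height) <= MAX_DIMENSION):
        problems.append(f"dimensions {width}x{height} out of range")
        return problems                    # stride math below would be meaningless
    stride = ((width * bpp + 31) // 32) * 4   # rows are padded to 4-byte multiples
    palette = 4 * (clr_used or (1 << bpp)) if bpp <= 8 else 0
    if pixel_off < 14 + hdr_size + palette:
        problems.append("pixel data offset overlaps the headers/palette")
    if pixel_off + stride * abs(height) > len(data):
        problems.append("pixel array extends past end of file")
    return problems

def check_logo(data: bytes, expected_sha256: str) -> tuple[bool, list[str]]:
    """Baseline hash (catches any replacement) plus header sanity (catches malformed images)."""
    problems = validate_bmp_header(data)
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        problems.append("sha256 differs from the recorded baseline")
    return (not problems, problems)

def check_logo_file(path: str, expected_sha256: str) -> tuple[bool, list[str]]:
    """Boot-time entry point; the logo path is vendor-specific (a file on the ESP is assumed)."""
    with open(path, "rb") as f:
        return check_logo(f.read(), expected_sha256)

def build_sample_bmp(width: int = 2, height: int = 2) -> bytes:
    """Constructed 24-bpp image for testing; not a real vendor logo."""
    pixels = bytes(((width * 24 + 31) // 32) * 4 * height)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54) + info + pixels
```

Calling check_logo_file from an early boot unit (a systemd service, for instance) with the baseline hash gives a simple alarm: a non-empty problem list means the logo was replaced or its header no longer describes the file it sits in.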

