This new and dangerous attack affects almost all Windows and Linux computers, who is spared?

TechTrick December 7, 2023

64 1 minute read

It seems that the world of cybersecurity must be very attentive because it has emerged a new threat named LogoFAIL. This exploit discovered by Binarly researchers is not the typical attack you expect, since it is capable of sneaking inside your operating system, taking advantage of holes that were not even known to exist.

This attack rewrites the logo that appears when the system boots after successfully passing the System Boot Test (POST). The peculiarity of LogoFAIL is that runs at a very early stage, circumventing security measures designed to prevent these types of attacks.

This vulnerability affects motherboards that use the Unified Extensible Firmware Interface (UEFI) provided by independent BIOS vendors (IBV). This attack is testing industry giants.

In addition, it does not make distinctions between computers, impacting any platform with Intel, AMD or ARM architectures that runs Windows or Linux.

Who is safe? A race to protect against LogoFAIL

The attack occurs during the critical phase called Driver Execution Environment (DXE), after successfully passing the System Boot Test.

At this key moment, LogoFAIL replaces the UEFI boot logo with its own malicious creation. Binarly, the team of researchers who discovered it, demonstrated its effectiveness on a Lenovo ThinkCentre M70s with advanced security measures, such as Intel Secure Boot and Boot Guard.

Alex Matrodov, founder of Binarly, points out that you can bypass the security barriers installed by the CPU, the operating system and any other software. Furthermore, the problem persists even after reformatting the operating system.

Mention that Not everyone is in LogoFAIL’s spotlight. Manufacturers like Dell or even Macs seem to be successful thanks to their protections. AMI, Insyde, Lenovo and others have already issued warnings, but the list of those affected remains not completely transparent. The only thing that is known is that the community must move quickly to end this major problem.