This new firmware attack can strike before your Windows or Linux device even boots up
Technology

This new firmware attack can strike before your Windows or Linux device even boots up

By Kevin Colleran

Researchers have created a firmware attack that can affect almost every Windows or Linux device. The attack is known as LogoFAIL, and it is exceptionally easy to carry out and could leave both enterprise and consumer devices susceptible to bad actors.

The attack is especially devious because it can, in many cases, be remotely executed in post-exploit situations using techniques that are almost impossible for traditional endpoint security products to pick up on. The exploit also runs during the earliest stages of the boot process, allowing the bad actors to bypass several of the operating system’s built-in defenses.

To call the LogoFAIL firmware attack an unprecedented attack on consumer and enterprise security is a bit of an understatement. Additionally, the researchers who devised the attack say that the nearly two dozen vulnerabilities that it relies on have lurked for years, if not decades, within Unified Extensible Firmware Interfaces (UEFI), which are responsible for booting modern Linux and Windows devices.

According to the reports on the discovery, the firmware attack is part of a coordinated mass research effort comprising almost every company involved in the x64 and ARM CPU ecosystem. You can see the LogoFAIL firmware attack in action in the video embedded above.

It’s titled LogoFAIL because it attacks during the bootup logo for the device, utilizing roughly a dozen critical vulnerabilities that the researchers say have remained unnoticed and undiscovered until now. The good news is that bad actors haven’t likely known about these vulnerabilities, which means they haven’t been exploited yet.

It’s unclear how quickly fixes for the exploits that make the LogoFAIL firmware attack possible will be fixed. Because LogoFAIL doesn’t require physical access to the device, it’s exceptionally powerful and dangerous. The researchers also say it is likely these exploits have remained undiscovered for so long because the companies didn’t test the image parsers that display the company logo during bootup.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Kevin Colleran 84874 posts