Researchers have created a firmware attack that can affect almost every Windows or Linux device. The attack is known as LogoFAIL, and it is exceptionally easy to carry out and could leave both enterprise and consumer devices susceptible to bad actors.
The attack is especially devious because it can, in many cases, be remotely executed in post-exploit situations using techniques that are almost impossible for traditional endpoint security products to pick up on. The exploit also runs during the earliest stages of the boot process, allowing the bad actors to bypass several of the operating system’s built-in defenses.
To call the LogoFAIL firmware attack an unprecedented attack on consumer and enterprise security is a bit of an understatement. Additionally, the researchers who devised the attack say that the nearly two dozen vulnerabilities that it relies on have lurked for years, if not decades, within Unified Extensible Firmware Interfaces (UEFI), which are responsible for booting modern Linux and Windows devices.
According to the reports on the discovery, the firmware attack is part of a coordinated mass research effort comprising almost every company involved in the x64 and ARM CPU ecosystem. You can see the LogoFAIL firmware attack in action in the video embedded above.
It’s titled LogoFAIL because it attacks while the device's bootup logo is being displayed, utilizing roughly a dozen critical vulnerabilities that the researchers say have remained unnoticed and undiscovered until now. The good news is that bad actors likely haven’t known about these vulnerabilities, which means they haven’t been exploited yet.
It’s unclear how quickly fixes for the vulnerabilities that make the LogoFAIL firmware attack possible will be released. Because LogoFAIL doesn’t require physical access to the device, it’s exceptionally powerful and dangerous. The researchers also say it is likely these vulnerabilities have remained undiscovered for so long because the companies didn’t test the image parsers that display the company logo during bootup.