LogoFAIL UEFI malware

johnwhelan

Well-known member
Gentle heads up. Some bright spark has created a method of compromising the UEFI boot to install malware. Basically the image is overwritten.

Because this happens before boot up it is extremely difficult to detect and Win 10 and 11 have no defence against it. Microsoft's UEFI Secure Boot implementation is just bypassed.

Apple and Dell are two companies that do not permit the UEFI image to be overwritten, but for anything else, including custom builds, look for BIOS updates from the motherboard manufacturers. Some will be more responsive to the threat than others. BlackLotus is another variant. Microsoft is expected to release improved protection in 2024.

So if you're running a Dell or an Apple computer this shouldn't affect you, anything else and you might want to think twice before doing internet banking etc.

Cheerio John
 
I knew this was going to happen eventually way back when UEFI was first developed. My thought was why on earth do they want to touch something that's read-only and turn it into something that is now exposed and vulnerable to attacks. We're lucky here because we all run Dell computers.

My thought has always been to lock down both the system settings as well as the operating system in a read-only ROM and locked partition. The only way to update either is via jumpers and a special key-sequence for the OS. The problem though is the hardware is then locked to the OS unless there are replaceable ROMs or a way to update the locked partition with another OS so that the user can upgrade from Windows to Linux for example.

Any user programs and data work as they currently do but in no way shape or form go anywhere near the OS. If something gets infected, it's only a matter of cleaning the user area and doesn't affect the system.
 
That's scary! I'm no expert in these matters, I have just successfully flashed my ASUS PRIME Z590-A to the latest available BIOS, i.e. v1903 (Sept '23). Will doing that help stop any such UEFI attack?

Rob.
 
I'm not sure unless the BIOS source is safe. Does your motherboard have a jumper on it to disable BIOS writes? That would prevent the UEFI from being overwritten unless you allow it by changing the position of the jumper. The problem is if the manufacturer's BIOS code has been hacked, then that can compromise your system.
 
Hopefully the BIOS source should be safe as it was downloaded from ASUS' own site. I will need to check if my mobo has a disable BIOS write jumper. Thanks for the info.

Rob.
 
More info:


Perhaps a glimmer of hope until IBVs update their BIOS apps?

Rob.
 
True, but how many people use an admin account as their normal one? "Microsoft" accounts are normally set to admin level.

Cheerio John
 
"Admin" accounts in Windows 7 and up are the equivalent of super-user accounts in Linux or Unix. The true admin account requires a separate login with exclusive rights and access has to be enabled in the user accounts located under the Computer Management applet. Most home users will not have that as their main account and most definitely wouldn't know how to enable it in the first place. This "true admin account" is the equivalent to a root account in Linux.

When installing software in Windows, an elevation occurs to administrator for some things that require direct access to the operating system. This may be annoying to some but it's a safeguard against installing stuff unwittingly, although many users become "blind" to prompts and will click on "Are you sure you want to delete all your data and destroy your UEFI BIOS too?" when the prompt comes up.

The real alternative is to take computers out of the hands of the masses and put them back into the hands of the experts like in the olden days. The alternative is to completely make it impossible to do things unless multiple keys are depressed at the same time while pressing a button and turning a knob. These multiple presses and knob turns will keep things down to a minimum.
 
"Admin" accounts in Windows 7 and up are the equivalent of super-user accounts in Linux or Unix. The true admin account requires a separate login with exclusive rights and access has to be enabled in the user accounts located under the Computer Management applet. Most home users will not have that as their main account and most definitely wouldn't know how to enable it in the first place. This "true admin account" is the equivalent to a root account in Linux.
I am the sole user of this PC and I am designated as local account administrator, password protected. Is that what you mean by the above comment?
When installing software in Windows, an elevation occurs to administrator for some things that require direct access to the operating system. This may be annoying to some but it's a safeguard against installing stuff unwittingly, although many users become "blind" to prompts and will click on "Are you sure you want to delete all your data and destroy your UEFI BIOS too?" when the prompt comes up.
I presume you mean the UAC setting from the above comment?
The real alternative is to take computers out of the hands of the masses and put them back into the hands of the experts like in the olden days. The alternative is to completely make it impossible to do things unless multiple keys are depressed at the same time while pressing a button and turning a knob. These multiple presses and knob turns will keep things down to a minimum.
Sounds like most of us are stuffed then!

Thanks for your post, I certainly note and bow to your superior knowledge of these things!

Rob.
 
STUFFED is correct. The internet companies are yet another enemy of proper computer operation. They deliberately create doors to allow companies who pay a large fee more "intimate" access to your system. It also allows the providers of the OS to stick in popups of junk that they sell and malcontents to insert malicious software.

It is like a surgeon leaving a tube hanging out of your body to directly administer medicine. In this case it stuffs JUNK into your system and popups for their junk software. Beginning with Windows 11 customers lost control of their PCs and Microsoft can now do ANYTHING it wants to make more money.

I did not pursue Linux several years ago because it was bland. DUMB. Simple and straightforward is SAFETY and CONTROL. If anyone knows of a SAFE method to lock down a PC I would like to take a look at it. In the meantime I have anti-malware software that keeps the demented from getting in while Microsoft just trolls around and pops up junk ads for a FEE$$. Once that door is opened to force some action by Microsoft the slime try to squeeze in. It takes them some time to figure out how to turn the key but they always find a way. Then we get an update that blocks that action but may leave or create other loopholes.

Society is almost fully dependent on the Phone and PC. They put things on these systems that can bankrupt them in milliseconds. Bank accounts, insurance payments, medical info, credit card numbers. We foolishly believe the propaganda from those making money from us that we are safe. FALSE - the lie of the century. As I type, there is some software, somewhere, copying this. It will deem it as worthless once it sees that the word bank leads nowhere.
 
they already got your information Dick!
 