Tech

Major security flaw LogoFAIL discovered in almost every Windows & Linux device

Rebecca Hills-Duty
Security exploit LogoFAILPexels

Security researchers have discovered a serious exploit in the UEFI dubbed LogoFAIL that could affect every Windows and Linux device.

Users running Windows or Linux are vulnerable to a new type of firmware attack, according to security researchers at Binarly.

This issue affects machines from almost every manufacturer and vendor and is very difficult to avoid or even detect.

The exploit has been dubbed LogoFAIL by researchers, and engages at one of the earliest points of the boot-up process, embedding itself into the system before most security processes such as Secure Boot or similar protections have engaged.

As reported by ArsTechnica, the exploit affects almost all enterprise and consumer-grade PCs running Windows or Linux, affecting x64-based systems as well as ARM CPU systems.

Devices from Lenovo, Dell, and HP have been confirmed to be affected, as well as any motherboard using UEFI from Independent BIOS Vendors (ABV) such as AMI, Insyde, and Phoenix.

What is UEFI?

UEFI, or Unified Extensive Firmware Interfaces is responsible for booting most modern devices that use Windows or Linux, replacing the older style of BIOS (Basic Input/Output System).

UEFI is faster to load the Operating System, but some engineers and technicians have complained that it provides less information for diagnostic purposes.

What is LogoFAIL?

As the name suggests, LogoFAIL specifically uses a logo. You may have noticed when you boot up your PC a big logo splash screen displays the name of the hardware device manufacturer or vendor.

It has been discovered that the image parsers for these logos have vulnerabilities that allow malicious code to replace the logo with one that outwardly looks identical. However, it can exploit these bugs to gain almost complete control over the memory and disk of the device – and from there entry into the operating system.

The researchers at Binarly released a proof-of-concept video demonstrating how the LogoFAIL exploits functions to compromise a system.

How to avoid infection by LogoFAIL

There is currently no evidence that any of the LogoFAIL exploits have been in active use by malicious coders. Since the infection is hard to spot, it is difficult to confirm it.

The LogoFAIL exploit relies on image parser vulnerabilities in the boot sequence, devices that use different boot systems such as Macs and most smartphones are not vulnerable to LogoFAIL.

Many enterprise-level Dell devices are similarly protected by their implementation of Intel Boot Guard.

For users of equipment from other vendors, there are advisories available from AMI, Insyde, Phoenix, and Lenovo, and Binarly researchers have been working with vendors to release a series of UEFI security updates. These patches will be distributed by device manufacturers, so if you have concerns it is best to contact your device vendor.

Related Topics

Windows

About The Author

Rebecca Hills-Duty

Rebecca is a Tech Writer at Dexerto, specializing in PC components, VR, AMD, Nvidia and Intel. She has previously written for UploadVR and The Escapist, hosts a weekly show on RadioSEGA and has an obsession with retro gaming. Get in touch at rebecca.hillsduty@dexerto.com

keep reading
windows 11 logo on top of background with gradient rainbow
Tech
How to turn off Windows 11 Start Menu ads
Rebecca Hills-Duty
windows 11 logo on top of background with gradient rainbow
Tech
How to fix a stuck Windows 11 update
Rebecca Hills-Duty
Image of the Steam logo on a blurred screenshot of the Steam Screenshot Manager.
Tech
Where to find Steam screenshot folder: Windows, Mac & Steam Deck
Rosalie Newcombe
Image of the Snipping Tool logo with a blurred Windows 11 wallpaper in the background.
Tech
How to use Snipping Tool on Windows
Rosalie Newcombe

Subscribe to our newsletter for the latest updates on Esports, Gaming and more.