. Here's What You Need to Know About LogoFAIL - MajorGeeks

Providing Free and Editor Tested Software Downloads


MajorGeeks.com - It's like sports for geeks.
MajorGeeks.Com » Overview » Here's What You Need to Know About LogoFAIL

Here's What You Need to Know About LogoFAIL

By Corporal Punishment
LogoFAIL is not a virus but rather a set of vulnerabilities in the firmware of many computers that allows attackers to bypass security measures and install malicious software.

LogoFAIL affects the firmware when displaying the manufacturer's logo during the boot process. Firmware is software embedded in a hardware device, such as a computer, smartphone, printer, or router. Firmware controls the basic functions and operations of the device, such as booting, loading, and communicating with other components. Specifically, LogoFAIL affects the Unified Extensible Firmware Interface (UEFI), which is the firmware responsible for booting your computer.

That is a wickedly simplified explanation, but if you want to read more on UEFI, go check the wiki.

What you Need to Know:

Logofail affects a vast majority of computers. Suffice it to say that nearly every PC, whether Windows, Linux, or MAC, likely uses UEFI and is vulnerable to this exploit. Due to its early execution in the boot process, Logofail can bypass many traditional security defenses, making it a highly dangerous threat.

These vulnerabilities allow attackers to inject malicious code into the boot process by manipulating the boot logo image. This code can then be used to bypass security measures such as Secure Boot and install malware on the system.

To use the vulnerability, hackers need to gain local administrator access through some other type of exploit - maybe something with the browser or a malicious email attachment - and then add the nefarious image package to the correct location. The infection is loaded into the system firmware once the system reboots with the new malicious logo. Competent hackers have been hacking administrator accounts since the invention of administrator accounts - so don't let your guard down.

A good practice on your end is to check for Administrator accounts and either change their rights or remove any that are unnecessary. Also, ensure the user account you are logging into your PC is not an administrator account. Doing so can be a little annoying as you may need to boot into an admin account for updates, etc... But it's a safer practice.

Detection and mitigation:

Detecting Logofail infections is difficult, if not near impossible, as the malicious code is hidden within the boot image. It would be hard for the OS level without a special tool like UEFI Tool, and would likely hide from something like that anyway. The best bet would be an external device - which doesn't exist yet. So, unfortunately, no single "Logofail mitigation tool" has been developed as yet. Instead, several security researchers and organizations are developing various tools and techniques to address the detection of Logofail vulnerabilities.

For example, Logofail-PoC is a proof-of-concept tool that demonstrates Logofail vulnerabilities and allows researchers to test mitigation strategies. Developed by security researchers at Binarly who have done extensive work on this issue. Logofail-PoC has yet to be released as they wait for patches to catch up. But you can see it work here:



Now that LogFail has been discovered patching the affected firmware will be the most effective way to mitigate the risk of LogFail. Some manufacturers, like Lenovo, have already released patches for affected systems. Still, since this is a relatively new discovery, not all manufacturers have caught up.

However, there are a few manual tools like this one from Dell that can help you manufacturers to not auto-update their firmware. (Thankfully) Hence, it is important to figure out what bios you have and check your manufacturer site for updates manually.


All that said, flashing/updating your bios is not exactly for the faint of heart. It's not a difficult thing to do, BUT if you have any doubt in your ability to recover from catastrophic failure --- test it out on your friend's system first. ;) JUST KIDDING!!!! Take your PC to a PRO. It will likely cost just a few dollars, and they can do it safely. If you do want to venture into the world of bios-flashing make sure you check out Universal BIOS Backup Kit. It can help identify the manufacturer and version, and you will have a known good backup in a pinch.

comments powered by Disqus



© 2000-2024 MajorGeeks.com
Powered by Contentteller® Business Edition