{"id":2171,"date":"2023-12-07T17:44:59","date_gmt":"2023-12-07T17:44:59","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78451"},"modified":"2023-12-07T17:44:59","modified_gmt":"2023-12-07T17:44:59","slug":"logofail-vulnerabilities-impact-vast-majority-of-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/12\/07\/logofail-vulnerabilities-impact-vast-majority-of-devices\/","title":{"rendered":"LogoFAIL vulnerabilities impact vast majority of devices"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>LogoFAIL vulnerabilities impact vast majority of devices | CyberScoop<\/title> <meta name=\"description\" content=\"Nearly all commercially available computers are vulnerable to a flaw in the process used to display a logo upon start up.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/logofail-vulnerability-boot-process\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"LogoFAIL vulnerabilities impact vast majority of devices\"> <meta property=\"og:description\" content=\"Nearly all commercially available computers are vulnerable to a flaw in the process used to display a logo upon start up.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/logofail-vulnerability-boot-process\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-12-07T17:44:59+00:00\"> <meta property=\"article:modified_time\" content=\"2023-12-07T17:47:33+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1242\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1701905043g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1698686983g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1701899484g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78451\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 
6.4.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78451\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Flogofail-vulnerability-boot-process%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Flogofail-vulnerability-boot-process%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78451 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/logofail-vulnerability-boot-process\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" 
height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.260563380282\">\n<div class=\"single-article__header-content\" readability=\"29.464285714286\">\n<p> Nearly all commercially available computers are vulnerable to a flaw in the process used to display a logo upon start-up. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"414\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices.jpg?resize=640%2C414&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=300,194 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=768,497 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=1024,662 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=1536,994 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=600,388 600w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=260,168 260w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=521,337 521w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=1043,675 1043w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/logofail-vulnerabilities-impact-vast-majority-of-devices-1.jpg?resize=1303,843 1303w\" sizes=\"(max-width: 1043px) 100vw, 1043px\"><figcaption> Glowing computer monitor in row of monitors. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"61.77145557656\"><body readability=\"124.73778969546\"><\/p>\n<p>A set of major vulnerabilities that impact nearly all devices allows hackers to bypass most modern security checks through the logo that shows up when the computer starts.<\/p>\n<p>Discovered by the cybersecurity firm Binarly and presented at Black Hat Europe on Wednesday, <a href=\"https:\/\/binarly.io\/posts\/The_Far_Reaching_Consequences_of_LogoFAIL\/index.html\">LogoFAIL is a set of vulnerabilities<\/a> that impact all x86 and ARM-based devices, including those running Windows and Linux, through the software that shows the manufacturer logo at the start of a bootup process.<\/p>\n<p>LogoFAIL impacts some of the biggest companies, likely affecting some 95 percent of consumer devices on the market today, said Alex Matrosov, CEO at Binarly. 
The vulnerabilities impact the biggest vendors that make the BIOS startup software \u2014 AMI, Insyde Software and Phoenix Technologies \u2014 and consequently impact hundreds of consumer and enterprise-level machines from manufacturers like Lenovo, Intel, and Acer that use that software.<\/p>\n<p>\u201cThese three companies [AMI, Insyde Software, and Phoenix Technologies] serve 95 percent of all compute in the world. So basically, if you pick any device, most likely it\u2019s been impacted by LogoFAIL,\u201d Matrosov said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Whenever a computer starts, a program called an image parser loads a logo from a manufacturer like Lenovo or Dell. There are multiple types of image parsers to load different types of images, like PNGs, GIFs, BMPs or JPEGs, and they are rife with vulnerabilities, Matrosov said. \u201cWhy we need so many, I don\u2019t know,\u201d he said.<\/p>\n<p>A hacker only needs to replace the logo image file with a malicious one to exploit the flaw and execute arbitrary code.<\/p>\n<p>In conjunction with Binarly\u2019s release of its research findings Wednesday, several affected manufacturers rolled out patches to address the vulnerabilities. <\/p>\n<p>What\u2019s alarming about this bug is that since it\u2019s present so early in the bootup process, a malicious hacker can bypass security protections that ensure the software that is about to run is secure and unaltered. 
The vulnerability allows a malicious hacker to execute code with little to no restrictions before most modern security programs \u2014 like antivirus or endpoint detection \u2014 can detect it.<\/p>\n<p>In order to <a href=\"https:\/\/www.youtube.com\/watch?v=EufeOPe6eqk\">take advantage of the vulnerability<\/a>, hackers do need to gain local administrator access through something like a browser exploit, in order to add the image to the right partition and reboot the system with the new malicious logo. Gaining the necessary access would not present a major challenge to a skilled attacker.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThese vulnerabilities can compromise the entire system\u2019s security, rendering \u2018below-the-OS\u2019 security measures like any shade of Secure Boot ineffective, including Intel Boot Guard. This level of compromise means attackers can gain deep control over the affected systems,\u201d a report describing the vulnerabilities notes.<\/p>\n<p>The disclosure of the vulnerabilities ran into trouble this week when one of the vendors, Phoenix Technologies, broke an embargo and failed to give credit to the discoverers of the vulnerability.<\/p>\n<p>On Nov. 28, the <a href=\"https:\/\/web.archive.org\/web\/20231206222450\/https:\/\/webcache.googleusercontent.com\/search?q=cache:cWlnW4oat9sJ:https:\/\/www.phoenix.com\/security-notifications\/cve-2023-5058\/%2A\">company sent a release<\/a> that said \u201cPhoenix Technologies has detected a serious flaw\u201d in its software. 
The company did not provide a patch for the vulnerability, but instead gave an overview of the bug and what it could do.<\/p>\n<p>\u201cThis is a massive disclosure and basically not the right thing to do,\u201d Matrosov said, adding that addressing the vulnerability required major coordination between all the impacted companies.<\/p>\n<p>How Phoenix treated the security researchers that provided a free service, and the other vendors that are impacted by the vulnerability and need to address it, raises major concerns about how the company addresses vulnerabilities, Matrosov said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>After breaking embargo, Phoenix removed the security notification from its website and has not added it back since the embargo passed.<\/p>\n<p>In a statement, the company said they \u201cdid not break an embargo but inadvertently published some outline details regarding the LogoFAIL problem which was first raised by Binarly to industry security participants last summer. Once this mistake was identified, Phoenix Technologies pulled down the page.\u201d<\/p>\n<p>Asked about the lack of credit after the statement that broke the embargo, the company said that \u201cas Binarly published the details in full regarding the LogoFail vulnerability at a Blackhat conference in London on 6 December, Phoenix only published a precis.\u201d<\/p>\n<p>A vulnerability with this level of impact requires coordination between a massive number of parties. 
Matrosov said his firm worked with the CERT Coordination Center, as it\u2019s \u201cimpossible to coordinate like 50+ different vendors for this disclosure.\u201d Matrosov said he wishes that there was a central organization to handle the disclosure communication from entities like CERT\/CC, as they can work with vendors who often don\u2019t have the broader communities in mind.<\/p>\n<p>\u201cThey basically treat the disclosures as a trap, not as a gift. But actually it is a gift, because usually you pay a lot of money for assessment from third parties,\u201d Matrosov said. \u201cIf somebody else found a vulnerability and [gave] you all the details, this is a gift. You need to go and fix it because it benefits your customers.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest 
Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/logofail-vulnerability-boot-process\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LogoFAIL vulnerabilities impact vast majority of devices | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[532,288,643,703,212],"tags":[537,294,645,705,214],"class_list":["post-2171","post","type-post","status-publish","format-standard","hentry","category-linux","category-threats","category-vulnerabilities","category-vulnerability-disclosure","category-windows","tag-linux","tag-threats","tag-vulnerabilities","tag-vulnerability-disclosure","tag-windows"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber 
Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/linux\/\" rel=\"category tag\">Linux<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/windows\/\" rel=\"category tag\">Windows<\/a>","tag_info":"Windows","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2171"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2171\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}