Blockbuster LogoFAIL attack exposure: almost impossible to detect or delete, affecting entire x64 and ARM CPU ecological devices 04/12 Update SLTechnology News&Howtos

Blockbuster LogoFAIL attack exposure: almost impossible to detect or delete, affecting entire x64 and ARM CPU ecological devices

2025-04-12 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Shulou(Shulou.com)12/24 Report--

CTOnews.com December 7 news, heavy-duty attack LogoFAIL exposure, the existing defense mechanism is almost impossible to detect attacks, and once the device is infected, it is almost impossible to remove.

BIOS suppliers are scrambling to release UEFI patches to OEM and motherboard manufacturers. Lenovo and other manufacturers have released BIOS updates and advise users to install the upgrade as soon as possible.

After more than a year of in-depth research, Binarly security experts announced the attack at a black hat security conference in London on Wednesday. The team says the LogoFAIL bundle combines more than 20 vulnerabilities that have been lurking for years or even decades.

These vulnerabilities exist in the Unified Extensible firmware Interface (UEFI), which is responsible for booting Windows and Linux devices, covering almost the entire x64 and ARM CPU ecosystem.

These include UEFI vendors such as AMI, Insyde and Phoenix (also known as independent BIOS vendors, IBV), equipment manufacturers such as Lenovo, Dell and Hewlett-Packard, and CPU manufacturers such as Intel, AMD and ARM CPU.

Each time the device is powered on, the relevant LOGO is displayed on the device screen, and the LogoFAIL occurs at this stage, also known as the DXE phase.

The LogoFAIL attack exploits more than a dozen key vulnerabilities of three independent BIOS vendors to replace legitimate LOGO during device boot and to execute a variety of malicious code.

Through LogoFAIL, an attacker has complete control over the memory and disk of the target device, and can provide a payload in Phase 2 to put the executable file on the hard disk before the main operating system boots.

"We tested hundreds of devices sold by Lenovo, Supermicro, MSI, HP, Acer, Dell, Fujitsu, Samsung and Intel and found that they were all vulnerable to LogoFAIL attacks," the Binarly researchers wrote.

The original address of the report is attached to CTOnews.com, which can be read in depth by interested users.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.