
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Posted Dec 7, 2023 21:31 UTC (Thu) by mat2 (guest, #100235)
Parent article: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Most people do not need to worry about firmware attacks anyway. Pure userland attacks are much more widespread and therefore more dangerous. Not to mention phishing.



Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Posted Dec 13, 2023 13:33 UTC (Wed) by Random167 (guest, #168499)

No, a firmware attack is much more dangerous than OS-layer attacks, because it can be hidden in your motherboard flash, which cannot be deleted by an OS reinstall. It can bypass all the security measures, since firmware is the earliest root of trust, and the firmware malware can pretend to the OS that everything is secure and fine, so it is also hard to detect.
Also, the firmware update software relies on the firmware to do the job, which is compromised in the first place… the worst case is to flash new firmware with a flash programmer like dediprog; until then your system will be kept compromised.

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Posted Dec 18, 2023 4:59 UTC (Mon) by raven667 (subscriber, #5198)

I don't think that is within the scope of likelihood of this vulnerability. This isn't about modifying the firmware for persistence of an exploit after a phishing or malware install; this is about being able to re-exploit the firmware as part of its normal boot process, early enough that it's hard to detect later and can push malware persistence into the OS, which has to be built on the assumption that the tools it uses to load itself are intact. Modern firmware integrity is built by having each part have a way to validate the next part before it loads it, so the boot should always get into a known good state that makes malware hard to persist, but loading unvalidated data that can break code execution flow breaks the validation.
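
An added example, not part of the thread and not any firmware's actual code: a simplified model of the validate-before-load chain described in the comment above, using a TPM-style extend operation to show why data that is loaded without being validated is invisible to later integrity checks. The stage names, byte strings and the `measure_logo` switch are assumptions made for illustration.

```python
import hashlib

def extend(register: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(data))."""
    return hashlib.sha256(register + hashlib.sha256(data).digest()).digest()

def boot(stages, logo: bytes, measure_logo: bool) -> bytes:
    """Measure every stage before it would run; return the final register.

    The hypothetical "dxe" stage is the one that parses the boot logo. The
    logo is only folded into the measurement when measure_logo is True.
    """
    register = bytes(32)  # measurement register starts at all zeroes
    for name, image in stages:
        register = extend(register, image)
        if name == "dxe" and measure_logo:
            register = extend(register, logo)
    return register

# Constructed sample inputs (not real firmware images or logo files).
STAGES = [
    ("sec", b"sec-core-v1"),
    ("dxe", b"dxe-drivers-v1"),
    ("bootloader", b"loader-v1"),
]
GOOD_LOGO = b"BM" + bytes(16)
ALTERED_LOGO = b"BM" + b"\xff" * 16

def logo_change_detected(measure_logo: bool) -> bool:
    """Compare a boot with the altered logo against the known-good value."""
    golden = boot(STAGES, GOOD_LOGO, measure_logo)
    observed = boot(STAGES, ALTERED_LOGO, measure_logo)
    return observed != golden

def stage_change_detected() -> bool:
    """A changed code stage always alters the final measurement."""
    golden = boot(STAGES, GOOD_LOGO, measure_logo=False)
    changed = [(n, img + b"!") if n == "bootloader" else (n, img)
               for n, img in STAGES]
    return boot(changed, GOOD_LOGO, measure_logo=False) != golden

if __name__ == "__main__":
    print("stage change detected:", stage_change_detected())
    print("logo change detected, logo unmeasured:", logo_change_detected(False))
    print("logo change detected, logo measured:", logo_change_detected(True))
```
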


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds