Nearly All PCs Vulnerable to New Virus Exploit

Earlier this week, Black Hat researchers from Binarly, a virus and exploit research firm, reported that nearly all PCs are susceptible to a new kind of firmware exploit.

This particular exploit is a nasty one. It attacks a computer via its UEFI. The Unified Extensible Firmware Interface is a replacement for the old-fashioned BIOS. The UEFI is a small program that is used to boot a computer. The boot process initializes the computer’s hardware and sets up the environment in which the operating system, Windows, can use the keyboard, mouse, monitor, and the other peripherals needed for computing.

How It Works

Binarly researchers have dubbed their exploit LogoFAIL. It’s called LogoFAIL because the exploit uses the computer manufacturer’s logo to compromise the device. The exploit works by replacing the standard system boot logo from HP, Lenovo, or others with a specially formatted logo that contains exploit code. When the computer’s UEFI starts up, it displays the manufacturer’s logo on the screen. When the UEFI parses the image for display, the exploit code runs, compromising the computer.

LogoFAIL can be delivered multiple ways. It can be delivered via an unpatched browser, dropped on a machine that’s unlocked, or installed remotely. The delivery method is very simple, because all that’s needed is to copy a specific logo to the computer’s boot partition where the UEFI looks.

There’s also very little you can do. Since no executable code is delivered, most virus scanners won’t pick up LogoFAIL. Furthermore, since the delivery mechanism is an image, most endpoint security tools will let the logo pass undetected. The only remedy is to install a UEFI security patch from your computer’s manufacturer.
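The article’s remedy is the firmware patch, but the delivery step it describes (a new image file appearing on the boot partition) is something a defender can watch for. The following is an added example, not code from the article or from Binarly: it hashes every file on the mounted EFI system partition, diffs a later snapshot against that baseline, and marks new or altered files that carry an image signature. The mount path, the placeholder loader, the dropped BMP, and the list of image magic bytes are all assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Assumed signatures for image formats a firmware logo parser is likely to handle.
IMAGE_MAGIC = {b"BM": "bmp", b"\x89PNG": "png", b"GIF8": "gif", b"\xff\xd8\xff": "jpeg"}

def looks_like_image(data: bytes) -> Optional[str]:
    """Return the image type if the file starts with a known image signature."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def snapshot(esp_root: str) -> Dict[str, str]:
    """SHA-256 every file under the mounted EFI system partition, keyed by relative path."""
    result = {}
    for path in Path(esp_root).rglob("*"):
        if path.is_file():
            rel = path.relative_to(esp_root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result

def diff_against_baseline(esp_root: str, baseline: Dict[str, str]) -> List[str]:
    """List files that are new, modified or removed since the baseline; tag image payloads."""
    findings = []
    current = snapshot(esp_root)
    for rel, digest in sorted(current.items()):
        if baseline.get(rel) == digest:
            continue  # unchanged since the baseline was taken
        status = "MODIFIED" if rel in baseline else "NEW"
        kind = looks_like_image((Path(esp_root) / rel).read_bytes())
        findings.append(f"{status} {rel}" + (f" image={kind}" if kind else ""))
    for rel in sorted(set(baseline) - set(current)):
        findings.append(f"REMOVED {rel}")
    return findings

def demo() -> List[str]:
    """Constructed scenario: baseline a tiny ESP, then drop a BMP-looking file and re-check."""
    with tempfile.TemporaryDirectory() as esp:  # stands in for /boot/efi (assumption)
        boot = Path(esp) / "EFI" / "BOOT"
        boot.mkdir(parents=True)
        (boot / "BOOTX64.EFI").write_bytes(b"MZ" + b"\x00" * 64)  # placeholder loader
        baseline = snapshot(esp)
        (Path(esp) / "EFI" / "logo.bmp").write_bytes(b"BM" + b"\x00" * 30)  # simulated drop
        return diff_against_baseline(esp, baseline)

if __name__ == "__main__":
    print("\n".join(demo()))
```

In practice the baseline is taken right after a firmware update and stored off the machine, and the check runs from the OS with the ESP mounted read-only.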

Who’s Affected?

Virtually every Windows and Linux PC is impacted by LogoFAIL. Dell machines are immune because those systems do not allow the manufacturer’s logo to be changed. Apple machines aren’t impacted either, because Apple has write-protected the Apple logo in its UEFI.

How Come UEFI Manufacturers Didn’t Find This?

Because they simply didn’t test their firmware properly. The security researchers used a tool called a fuzzer, which repeatedly executes a small piece of code while varying the input fed to it. After enough tries, the researchers were able to figure out how to exploit the system.

Computer manufacturers are working quickly to create UEFI patches for their machines. In the meantime, keep your computer locked, visit reputable websites like theSyncWeekly.com, and limit unauthorized access to your computer.

You could always use a Mac like I do.