Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Published

2 years ago

December 7, 2023

admin

MORE FUN WITH FIRMWARE — Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack UEFIs booting Windows and Linux devices can be hacked by malicious logo images.

Dan Goodin – Dec 6, 2023 3:02 pm UTC EnlargeGetty Images reader comments 195

Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms.

The attackdubbed LogoFAIL by the researchers who devised itis notable for the relative ease in carrying it out, the breadth of both consumer- and enterprise-grade models that are susceptible, and the high level of control it gains over them. In many cases, LogoFAIL can be remotely executed in post-exploit situations using techniques that cant be spotted by traditional endpoint security products. And because exploits run during the earliest stages of the boot process, they are able to bypass a host of defenses, including the industry-wide Secure Boot, Intels Secure Boot, and similar protections from other companies that are devised to prevent so-called bootkit infections. Game over for platform security

LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a years worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware.

The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London. Advertisement

The affected parties are releasing advisories that disclose which of their products are vulnerable and where to obtain security patches. Links to advisories and a list of vulnerability designations appears at the end of this article.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.

Once arbitrary code execution is achieved during the DXE phase, its game over for platform security, researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started.

From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected devicea Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in Juneruns standard firmware defenses, including Secure Boot and Intel Boot Guard. LogoFAIL.

In an email, Binarly founder and CEO Alex Matrosov wrote:

LogoFAIL is a newly discovered set of high-impact security vulnerabilities affecting different image parsing libraries used in the system firmware by various vendors during the device boot process. These vulnerabilities are present in most cases inside reference code, impacting not a single vendor but the entire ecosystem across this code and device vendors where it is used. This attack can give a threat actor an advantage in bypassing most endpoint security solutions and delivering a stealth firmware bootkit that will persist in a firmware capsule with a modified logo image. Page: 1 2 3 4 Next → reader comments 195 Dan Goodin Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Advertisement Channel Ars Technica ← Previous story Next story → Related Stories Today on Ars

UK

UK looking at Denmark model to cut illegal migration

Published

9 mins ago

November 8, 2025

admin

UK looking at Denmark model to cut illegal migration

The Home Office is looking at what Denmark is doing to cut illegal migration, Sky News understands.

Last month, Home Secretary Shabana Mahmood dispatched officials to the Nordic nation to study its border control and asylum policies, which are considered some of the toughest in Europe.

In particular, officials are understood to be looking at Denmark’s tighter rules on family reunion and restricting most refugees to a temporary stay in the country.

Ms Mahmood will announce a major shake-up of the UK’s immigration system later this month, PA is reporting.

Labour MPs are said to be split on the move.

Some, in so-called Red Wall seats which are seen as vulnerable to challenge from Reform UK, want ministers to go further in the direction Denmark has taken.

But others believe the policies will estrange progressive voters and push the Labour Party too far to the right.

What are Denmark’s migration rules?

Denmark has adopted increasingly restrictive rules in order to deal with migration over the last few years.

In Denmark, most asylum or refugee statuses are temporary. Residency can be revoked once a country is deemed safe.

In order to achieve settlement, asylum seekers are required to be in full-time employment, and the length of time it takes to acquire those rights has been extended.

Denmark also has tougher rules on family reunification – both the sponsor and their partner are required to be at least 24 years old, which the Danish government says is designed to prevent forced marriages.

The sponsor must also not have claimed welfare for three years and must provide a financial guarantee for their partner. Both must also pass a Danish language test.

In 2018, Denmark introduced what it called a ghetto package, a controversial plan to radically alter some residential areas, including by demolishing social housing. Areas with over 1,000 residents were defined as ghettos if more than 50% were “immigrants and their descendants from non-Western countries”.

In 2021, the left of centre government passed a law that allowed refugees arriving on Danish soil to be moved to asylum centres in a partner country – and subsequently agreed with Rwanda to explore setting up a program, although that has been put on hold.

It comes as the government continues to struggle to get immigration under control, with rising numbers of small boat crossings in the Channel over the last few months and a migrant, deported under the UK’s returns deal with France, re-entering the country.

Some 648 people crossed the Channel to Britain in nine boats on Friday, according to Home Office figures, bringing the total for the year to 38,223.

Ms Mahmood wants deterrents in place to stop migrants seeking to enter the country via unauthorised routes.

She also wants to make it easier to remove those who are found to have no right to stay in the UK.

Sources told the PA news agency she was eager to meet her Danish counterpart, Rasmus Stoklund, the country’s immigration minister, at the earliest possible convenience.

Speaking on BBC Radio 4, Mr Stoklund likened Danish society to “the hobbits in The Lord Of The Rings” and said people coming to the country who do not contribute positively would not be welcome.

Mr Stoklund said: “We are a small country. We live peacefully and quietly with each other. I guess you could compare us to the hobbits in The Lord Of The Rings.”

“We expect people who come here to participate and contribute positively, and if they don’t they aren’t welcome.”

The split in Labour was apparent from public comments by MPs today.

Stoke-on-Trent Central Labour MP Gareth Snell told Radio 4’s Today programme that any change bringing “fairness” to an asylum system that his constituents “don’t trust” was “worth exploring”.

But Nottingham East MP Nadia Whittome, who is a member of the party’s Socialist Campaign Group caucus, said: “I think these are policies of the far right. I don’t think anyone wants to see a Labour government flirting with them.”

Sports

Poll: Mendoza top vote-getter as NFL draft’s QB1

Published

53 mins ago

November 8, 2025

admin

Poll: Mendoza top vote-getter as NFL draft's QB1

The volatility and unpredictability of the 2025 college football season has rippled through the group of draft-eligible quarterbacks.

ESPN repolled 25 NFL scouts and executives about who will be the first quarterback taken in the 2026 NFL draft, with the results drastically different from six weeks ago.

In the latest poll, Indiana‘s Fernando Mendoza was the top vote-getter with 13 votes, putting him ahead of Oregon‘s Dante Moore (6) and Alabama‘s Ty Simpson (3). Notably, none of those quarterbacks received a vote in the first poll, and all have eligibility remaining.

The other three quarterbacks receiving votes were Oklahoma‘s John Mateer (1), Cincinnati‘s Brendan Sorsby (1) and South Carolina‘s LaNorris Sellers (1). Only Sellers and Mateer had votes in the first poll.

“It’s not a stellar class,” one scout told ESPN. “If you add the maybes [who have eligibility and could leave school], now it gets interesting. The top is better than last year’s class, for sure.”

The top of this year’s crop has flipped from Sept. 20, when seven different quarterbacks received votes, with Sellers (8) edging out LSU‘s Garrett Nussmeier (7). Both players and their teams have struggled this season. Others receiving votes in the first QB1 poll were Miami‘s Carson Beck (3), Mateer (3), Penn State‘s Drew Allar (2), Arizona State‘s Sam Leavitt (1) and Texas‘ Arch Manning (1).

The sentiment regarding the class has soured a bit since the initial polling. Along with the dip in play from Sellers and Nussmeier, Allar suffered a season-ending injury and Manning hasn’t resembled anything close to what his family and recruiting pedigrees projected.

While Mendoza is the top vote-getter, he has yet to establish himself as a no-brainer No. 1 overall pick. He is trending that way, but there is not yet conviction behind those projections.

Mendoza transferred from Cal and has taken a leap under coach Curt Cignetti and the tutelage of offensive coordinator Mike Shanahan and quarterbacks coach Chandler Whitmer. His completion percentage is 72.3%, up from 68.7%, and he has thrown 25 touchdowns, nine more than last season at Cal. He has also rushed for four touchdowns and is averaging 9.5 yards per attempt, up from 7.8.

What do scouts like? They start with the basics of him being 6-foot-5 and 225 pounds. He idolizes Tom Brady, which is viewed as a strong North Star for a prospect.

“He has ‘wow’ throws and playmaking passer ability,” one scout told ESPN. “He can anticipate post-snap.”

Added another: “He’s decisive, and he sees everything well. He’s got accuracy down the field and is very tough in the pocket.”

There was a play against Iowa where Mendoza hung in the pocket and got decked by a Hawkeyes linebacker while delivering a perfect ball to a receiver in tight coverage.

Moore’s emergence has been sudden. He has started 13 games, including five at UCLA in 2023 before backing up Dillon Gabriel at Oregon last season. A redshirt sophomore who entered college as ESPN’s No. 2 overall player, Moore is 6-3 and 206 pounds. He attempted just eight passes last season but has maximized his starting role in 2025, with 19 touchdowns, a 71.4% completion percentage and 1,772 passing yards.

Simpson didn’t start a game until this season, which has led to speculation in NFL circles that he will return to college. (Quarterbacks with under 25 starts don’t have a consistent track record of NFL success.) Simpson has soared onto radars with 20 touchdowns and just one interception. He has completed 67.8% of his passes and thrown for 2,184 yards.

Sorsby might be the biggest surprise. While he struggled in high-wattage spots against Nebraska and Utah, he has clearly progressed.

One scout summed him up this way: “He’s big, tough, athletic and smart. He’s a leader and can make off-schedule plays and change arm angles. He’s got the ‘It.’ I think he’s very gifted.”