MORE FUN WITH FIRMWARE
Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
UEFIs booting Windows and Linux devices can be hacked by malicious logo images.
Dan Goodin – Dec 6, 2023 3:02 pm UTC
Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms.
The attack, dubbed LogoFAIL by the researchers who devised it, is notable for the relative ease in carrying it out, the breadth of both consumer- and enterprise-grade models that are susceptible, and the high level of control it gains over them. In many cases, LogoFAIL can be remotely executed in post-exploit situations using techniques that can't be spotted by traditional endpoint security products. And because exploits run during the earliest stages of the boot process, they are able to bypass a host of defenses, including the industry-wide Secure Boot, Intel's Secure Boot, and similar protections from other companies that are devised to prevent so-called bootkit infections.
Game over for platform security
LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in the Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year's worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware.
The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.
The affected parties are releasing advisories that disclose which of their products are vulnerable and where to obtain security patches. Links to advisories and a list of vulnerability designations appear at the end of this article.
As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.
"Once arbitrary code execution is achieved during the DXE phase, it's game over for platform security," researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. "From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started."
From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device, a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June, runs standard firmware defenses, including Secure Boot and Intel Boot Guard.
Video: LogoFAIL.
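The article's point is that the firmware trusts whatever the logo image's header claims. As an added defender-side example (not code from Binarly, the IBVs or Ars Technica), the block below does what a boot-logo parser should do, cross-checking every BMP header field against the actual buffer, and compares the logo's SHA-256 against a baseline so a byte-level replacement is caught even when the picture looks identical. It assumes the logo is a BMP readable from the Linux ACPI BGRT sysfs path /sys/firmware/acpi/bgrt/image; the sample logo and the tampered copy are constructed inline so it runs offline.

```python
# Added example, not Binarly's or Ars Technica's code: strict structural checks on a
# boot-logo BMP plus a SHA-256 baseline; assumes the logo is readable from the BGRT path.
import hashlib
import os
import struct
BGRT_IMAGE = "/sys/firmware/acpi/bgrt/image"   # Linux ACPI BGRT sysfs path (assumed)

def check_bmp(data: bytes) -> tuple:
    # Returns (ok, reason); each header field is checked against the real buffer length.
    if len(data) < 54:
        return False, "shorter than file header + BITMAPINFOHEADER"
    magic, file_size, _, _, pix_off = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        return False, "bad magic"
    hdr, width, height, planes, bpp, comp = struct.unpack_from("<IiiHHI", data, 14)
    if hdr < 40 or pix_off < 14 + hdr or pix_off > len(data):
        return False, "inconsistent header offsets"
    if file_size != len(data):
        return False, "declared size differs from actual size"
    if not (0 < width <= 16384 and 0 < abs(height) <= 16384):
        return False, "dimension out of range"
    if planes != 1 or bpp not in (1, 4, 8, 16, 24, 32) or comp != 0:
        return False, "unsupported planes, depth or compression"
    row = ((width * bpp + 31) // 32) * 4         # rows are padded to 4 bytes
    if pix_off + row * abs(height) > len(data):  # Python ints never wrap here
        return False, "pixel data truncated"
    return True, "ok"

def logo_status(data: bytes, baseline_sha256: str) -> str:
    # MALFORMED (fails structural checks), CHANGED (hash differs from baseline) or MATCH.
    ok, why = check_bmp(data)
    if not ok:
        return "MALFORMED: " + why
    digest = hashlib.sha256(data).hexdigest()
    return "MATCH" if digest == baseline_sha256 else "CHANGED: " + digest

def make_bmp(width: int, height: int) -> bytes:
    # Blank 24-bpp BMP: a constructed stand-in for the vendor logo.
    pixels = bytes(((width * 24 + 31) // 32) * 4 * height)
    return (struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
            + struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                          len(pixels), 2835, 2835, 0, 0) + pixels)

SAMPLE_LOGO = make_bmp(2, 2)
BASELINE = hashlib.sha256(SAMPLE_LOGO).hexdigest()   # recorded from a trusted build
TAMPERED = bytearray(SAMPLE_LOGO)
struct.pack_into("<i", TAMPERED, 18, 1 << 30)        # absurd width; size field unchanged
if __name__ == "__main__":
    blob = open(BGRT_IMAGE, "rb").read() if os.path.exists(BGRT_IMAGE) else SAMPLE_LOGO
    print(logo_status(blob, BASELINE), "|", logo_status(bytes(TAMPERED), BASELINE))
```

On a real machine the baseline hash should come from a known-good firmware image, not from the running system, since the point of the check is that the running system may already carry the replaced logo.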
In an email, Binarly founder and CEO Alex Matrosov wrote:
LogoFAIL is a newly discovered set of high-impact security vulnerabilities affecting different image parsing libraries used in the system firmware by various vendors during the device boot process. These vulnerabilities are present in most cases inside reference code, impacting not a single vendor but the entire ecosystem across this code and device vendors where it is used. This attack can give a threat actor an advantage in bypassing most endpoint security solutions and delivering a stealth firmware bootkit that will persist in a firmware capsule with a modified logo image.
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.