UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver …

  1. Joe W Silver badge
    Trollface

    Blimey....

    "Exploits bypass most secure boot solutions from the biggest chip vendors"

    Yeah.

    Great.

    Bloody brilliant. So.... why do we insist on the bloody mess? F' that.

    1. Tomato42
      Linux

      Re: Blimey....

      Well, how else will they protect the users from making the "mistake" of uninstalling Windows and installing a real operating system on the machine?

    2. simonlb Silver badge
      FAIL

      Re: Blimey....

      Seriously, what is the point of creating a 'secure' method to bootup a system if that 'secure' method arbitrarily picks up any random shit from a folder and uses it without performing any security checks whatsoever? That is not just a fail, it's a fucking huge fail. And no-one saw this coming?

  2. abend0c4 Silver badge

    If a picture taints a thousand and twenty-four words...

    1. devin3782
      Happy

      You brought tears of linguistic joy to my eyes, thank you sir

  3. Paul Crawford Silver badge
    Facepalm

    Who would have guessed that the stupid complexity of your typical UEFI start-up code, along with little or no peer review, would have led to security holes?

    1. Anonymous Coward
      Anonymous Coward

      Quite. Not that legacy BIOS is necessarily a wondrous piece of work, but UEFI seems to have been fraught with peril from the start.

      In some ways it has been downhill ever since OFW went by the wayside.

    2. Yorick Hunt Silver badge

      I was savagely downvoted when I made this observation regarding XP vs Win10/11, but this is the same scenario...

      When you have a known insecure platform (BIOS or XP), you know to take measures to secure it. But when you're told "trust us, this is ultra secure, don't ask questions" (UEFI or Win10/11), you're not only lulled but forced to accept their claims - only to eventually realise that they were full of political promises.

    3. SCP

      Who would have guessed that overcomplicating UEFI code to satisfy the marketing droids who wanted their logos to be displayed could come back and bite everyone in the a**e.

      1. ThatOne Silver badge

        You don't need UEFI to display a BIOS logo. IIRC my old 486DX2 already did that (and one of the first things I did was disable it, because it delayed Boot for 5 seconds so you could admire said logo...).

  4. Will Godfrey Silver badge
    Unhappy

    Is this only UEFI?

    In the motherboard boot menu none of my machines are configured to start with this, so would I be safe - at least from this specific attack?

    1. David 132 Silver badge

      Re: Is this only UEFI?

      Yes, my understanding is that machines starting in legacy BIOS mode - bootsector, etc - aren't affected by this vulnerability.

      LogoFAIL, if my reading of this article's correct, relies on a malformed image placed in the root EFI partition on the boot drive. This image is loaded & parsed by the EFI firmware during boot, before the firmware hands over control of the boot process to the OS on its partition.

      So if you're not using UEFI boot, and don't have an EFI partition (NB - these are normally hidden), you should be OK.

      1. Anthropornis

        Re: Is this only UEFI?

        For most of us using recent machines, the problem is finding something which does not require UEFI to boot. I had an original Zen1 that failed during lockdown. Since I don't normally need a power-hungry graphics card I ended up getting a Zen2 APU - all those that were available require UEFI.

        Yes, we are unlikely to be victims of the image loading, but that doesn't mean we can avoid UEFI.

  5. CowHorseFrog Silver badge

    Simple answer: don't support boot images. It's not the end of the world if a computer starts up without a custom logo.

    1. Kurgan

      Simple answer is "stop bloating your firmware". Stop bloating everything, actually. But we all know that marketing is pushing for useless "features" all the time.

      1. Tomato42

        Oh, that can't be blamed on markedroids only, the engineerds also like to work on the new shiny, and not just maintain the old tried and true.

  6. Alumoi Silver badge

    Ahh, no worries! It won't be used to hijack your PC or exfiltrate your precious PII. It will just display personalized ads on your boot screen. Pinky swear!

  7. Doctor Syntax Silver badge

    If an attacker can get a file into the EFI partition then you've got more problems than dodgy image processing by UEFI.

    1. Paul Crawford Silver badge

      Not as big a problem as this one though.

      After the first exploit that took over the system you are now in a position of having to throw it away, rather than re-image it, as you can't be sure that a persistent rootkit is now buried in your UEFI firmware.

      You could flash the UEFI firmware using the usual utility, but is the exploit smart enough to negate that and keep itself in there? Out with your JTAG kit...

    2. DuncanLarge

      > If an attacker can get a file into the EFI partition then you've got more problems than dodgy image processing by UEFI.

      That's totally trivial. It's a R/W FAT32 partition. If you are lucky something software based in the OS may try to monitor or write protect it, but a user merely has to run something as admin to let code modify anything anywhere on a HDD.

      It's one of the reasons why I'm against UEFI, it should ALL be in ROM. We have big ROMs these days, why is an unreliable partition needed?
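An added defensive example, not from the article or any commenter, that picks up DuncanLarge's point about monitoring the ESP and David 132's description of the attack surface (an image in the EFI partition parsed by firmware at boot): it inventories image files on a mounted ESP by their leading bytes rather than by extension and reports any whose hash is not in a known-good baseline. The mount path and the baseline are assumptions you supply; the sample ESP it builds is constructed for demonstration.

```python
import hashlib
import os
import tempfile

# Leading bytes of image formats that firmware logo parsers commonly accept.
IMAGE_MAGICS = {
    "bmp": b"BM",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "jpeg": b"\xff\xd8\xff",
}

def image_kind(head):
    """Return the image type matching the leading bytes, or None."""
    for kind, magic in IMAGE_MAGICS.items():
        if head.startswith(magic):
            return kind
    return None

def scan_esp(esp_root, baseline):
    """Report every image-like file under esp_root whose SHA-256 is not in
    baseline (a set of hex digests of images that belong there)."""
    findings = []
    for dirpath, _dirs, files in os.walk(esp_root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = image_kind(data[:16])          # magic bytes, not extension
            digest = hashlib.sha256(data).hexdigest()
            if kind is None or digest in baseline:
                continue
            rel = os.path.relpath(path, esp_root)
            findings.append({"path": rel, "kind": kind, "sha256": digest,
                             "in_root": os.sep not in rel})  # root is where logo loaders look
    return findings

def build_sample_esp():
    """Constructed sample ESP (assumption, not a real system): an expected BMP
    logo, a PNG hiding behind an .efi name in the root, and a non-image loader."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "EFI", "BOOT"))
    expected = b"BM" + b"\x00" * 30                               # placeholder OEM logo
    files = {"EFI/BOOT/logo.bmp": expected,
             "bootx64.efi": IMAGE_MAGICS["png"] + b"\x00" * 30,   # image disguised as a loader
             "EFI/BOOT/real.efi": b"MZ" + b"\x00" * 30}           # PE header, not an image
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root, {hashlib.sha256(expected).hexdigest()}
```

Against a real machine, point scan_esp at the ESP mount (for example /boot/efi on many Linux systems) with a baseline recorded when the firmware was last updated; build_sample_esp only illustrates the output shape.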

  8. YetAnotherJoeBlow

    On the other hand...

    On the bright side, when a business type asks a tech - can he fix it so that when his computer boots it displays a picture of my daughter?

    Sorry, security risk...

  9. Roo
    Windows

    There is a *really* simple solution to this...

    The only firmware should be to load a bunch of bytes off a USB stick and execute them.

    The vendors can supply their USB stick installed in the motherboard by default with all their cruddy unnecessary, unreviewed guffware that they want. Folks who don't want the guffware can put their own stick in with whatever pre-boot crap they want (or maybe just a simple locked down bootloader) and optionally superglue the stick in place for extra security. We have USB headers on motherboards already, this is not hard or expensive folks.

    1. DuncanLarge

      Re: There is a *really* simple solution to this...

      > Folks who don't want the guffware can put their own stick in with whatever pre-boot crap they want

      They will solder them to the motherboard mate

      1. Anonymous Coward
        Anonymous Coward

        Re: There is a *really* simple solution to this...

        Solder, meet iron...

  10. FirstTangoInParis Bronze badge

    Unavoidable

    Some modern OS require UEFI. Ubuntu Core later than 18 requires it, so old hardware is stuck on 18. Wouldn’t be surprised if all Ubuntu sw later than 18 requires it too (though ISTR you can legacy boot, but it’s a bit like wading through treacle trying to get it to do so). Add that to dropped support for network cards that are not recent, then you need new hardware anyway.

    But then if you’re not using a picture then Shirley not vulnerable?

    1. DuncanLarge

      Re: Unavoidable

      > But then if you’re not using a picture then Shirley not vulnerable?

      It may not be YOUR image, and YOU didn't put it there. THEY did. That's the point.

  11. Anonymous Coward
    Anonymous Coward

    BIOS/UEFI security

    I've always wondered why it's possible to put ANY kind of info into BIOS/UEFI, whether a picture or an update, without requiring physical access to the machine. Make it a button on the motherboard for desktops, or a particular key combination on the built-in keyboard for laptops, that MUST be pushed in order to update the firmware, etc. While it would still be possible to trick some users into doing this, it would drastically cut down on firmware-level malware.

    1. DuncanLarge

      Re: BIOS/UEFI security

      > that MUST be pushed in order to update the firmware

      That's why I set a BIOS password; sure, they may not always be secure, but anything that does not understand a BIOS password will be scuppered.

  12. BenMyers

    Hasty UEFI, not vetted properly, with weaknesses

    Apple, Microsoft and Intel, the three companies taking the lead on the UEFI specification, managed to con us all into insecure BIOS products that make it far more difficult to service computers. Shame on them, Insyde, Phoenix and AMI for woefully incomplete efforts to make sure these BIOSes are really secure.

    Did you ever try to repair a computer with a messed up SSD or hard drive, plus UEFI and BitLocker? It's extremely difficult and only people with a lot of money in their pockets or bank accounts can afford what I charge for a time-consuming service that requires a lot of know-how. Yes, BitLocker is another security feature foisted off on us to enhance computer security. Sometimes, BitLocker is so secure that you can't even access your own data.

    Bottom line here is that we have all been sold security with Windows 11 and it comes up far short of how it has to work to be properly secure.

    1. DuncanLarge

      Re: Hasty UEFI, not vetted properly, with weaknesses

      > Did you ever try to repair a computer with a messed up SSD or hard drive, plus UEFI and BitLocker?

      YES oh god don't remind me!

      I had a machine that was not bitlockered but HAD been using Intel fake raid, which all got messed up with Macrium Reflect images not supporting Intel fake raid and the users also messing up the machine, thus requiring me to restore an untested image to the machine rather than having them sort out the driver issues they created.

      Ended up with a totally borked UEFI and Windows boot config. Took me most of a day to sort out, as the Windows recovery environment as usual was totally inept and useless, and guides on the web on how to regenerate the Windows boot config on the "newly and manually created in Linux EFI partition" all didn't work as they only worked for specific versions of Windows.

      It was a bloody mess of browser tabs and lots of reading and failures. I was very nostalgic about the good old MBR days, with a boot loader installed in the first sector of a drive or partition.

      My home systems still use that.

      On paper UEFI looks great, but that's on paper. The paper is not what was implemented, by far.

  13. DuncanLarge

    Ah

    Good thing I don't have an EFI partition on anything I use at home :D

    However at work that's a different story.

    1. Someone56

      Re: Ah

      What loads your OS then?

  14. Someone56

    SPARC and POWER Mac Open Firmware was better than this, before UEFI was even invented.
