Binarly Research issues warning on LogoFAIL flaws
Computers made vulnerable at booting, allowing complete takeover.
On November 29, 2023, Binarly REsearch, a firm specializing in firmware supply-chain security, warned of a set of vulnerabilities named LogoFAIL that affect the Unified Extensible Firmware Interface (UEFI), the interface between the firmware and the operating system used on many motherboards.
When a computer starts up, a logo, often the manufacturer's, is typically displayed. To render it, many vendors rely on UEFI image parsers that run at the very beginning of the boot process, before most security defenses are active. These parsers were written a long time ago and are seldom updated.
Binarly REsearch identified 29 security flaws in these parsers, which make it possible, in particular, to replace a logo image with a crafted copy carrying malware. Fifteen of the 29 vulnerabilities allow arbitrary code to run during the Driver Execution Environment (DXE) phase, before the OS is launched. An attacker can thus “completely take over the RAM and hard drive of the targeted device, including the OS about to be launched,” Binarly REsearch explains.
The flaws are all the more problematic because they affect a great number of computers. Any device using parsers from one of the three major BIOS vendors (AMI, Insyde and Phoenix) is vulnerable, regardless of whether it is built on an x86, x64 or ARM processor.
LogoFAIL does not, however, affect devices that do not use UEFI, such as smartphones and Macs. Even Intel-based Macs, which do use UEFI, are safe, because Apple hardcoded the logo images so that they cannot be replaced. A feature that likewise prevents the swap protects most Dell computers.
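The kind of check a firmware image parser must perform before trusting a logo header, as an added example written for this article and not code from Binarly or any BIOS vendor. The BMP header layout is the public one; the 4096-pixel ceiling and the constructed test fixture are assumptions, and the article does not describe the individual LogoFAIL bugs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum bmp_status { BMP_OK = 0, BMP_TOO_SHORT, BMP_BAD_MAGIC, BMP_UNSUPPORTED,
                  BMP_BAD_DIMENSIONS, BMP_SIZE_MISMATCH };

#define MAX_DIM 4096u  /* assumed ceiling for a boot logo; anything larger is rejected */

static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate the headers of an uncompressed BMP before decoding a single pixel.
 * Every field that later sizes a buffer or drives a copy is checked against
 * the real buffer length, with the arithmetic done in 64 bits. */
enum bmp_status validate_bmp(const uint8_t *buf, size_t len) {
    if (len < 54) return BMP_TOO_SHORT;                 /* 14-byte file hdr + 40-byte info hdr */
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;
    uint32_t pix_off = rd32(buf + 10), hdr_size = rd32(buf + 14);
    int32_t  width   = (int32_t)rd32(buf + 18), height = (int32_t)rd32(buf + 22);
    uint16_t bpp     = rd16(buf + 28);
    if (hdr_size < 40 || rd32(buf + 30) != 0) return BMP_UNSUPPORTED;  /* BI_RGB only */
    if (bpp != 8 && bpp != 24 && bpp != 32) return BMP_UNSUPPORTED;
    uint64_t abs_h = height < 0 ? (uint64_t)(-(int64_t)height) : (uint64_t)height;
    if (width <= 0 || (uint32_t)width > MAX_DIM || abs_h == 0 || abs_h > MAX_DIM)
        return BMP_BAD_DIMENSIONS;
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;   /* rows padded to 4 bytes */
    uint64_t pixel_bytes = stride * abs_h;
    if (pix_off < (uint64_t)14 + hdr_size || pix_off > len || pixel_bytes > len - pix_off)
        return BMP_SIZE_MISMATCH;                      /* header promises more than exists */
    return BMP_OK;
}

static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Test fixture: a constructed 54-byte header plus 16 bytes of pixel data (not a
 * real vendor logo). Returns the validator's verdict for the claimed geometry. */
enum bmp_status check_constructed(int32_t w, int32_t h, uint16_t bpp, size_t len) {
    uint8_t img[70] = {0};
    img[0] = 'B'; img[1] = 'M';
    wr32(img + 2, 70); wr32(img + 10, 54); wr32(img + 14, 40);
    wr32(img + 18, (uint32_t)w); wr32(img + 22, (uint32_t)h);
    img[26] = 1; img[28] = (uint8_t)bpp; img[29] = (uint8_t)(bpp >> 8);
    return validate_bmp(img, len < sizeof img ? len : sizeof img);
}

int main(void) {
    printf("2x2 24bpp logo: %d\n", check_constructed(2, 2, 24, 70));             /* 0 = BMP_OK */
    printf("100x100 claimed in 70 bytes: %d\n", check_constructed(100, 100, 24, 70)); /* 5 = BMP_SIZE_MISMATCH */
    return 0;
}
```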
Security updates to patch LogoFAIL vulnerabilities should be available by the end of 2023, or in the first quarter of 2024.