Almost all Windows and Linux devices are vulnerable to a new form of LogoFAIL firmware attack, according to cybersecurity group Binarly.
The new cyberattack is reportedly capable of hacking computers by targeting the device's boot-up sequence, allowing bad actors to high level of control over the device.
Binarly noted that the malware can bypass Intel's Secure Boot and other similar protections against so-called bootkit infections.
The cybersecurity firm already that noted it "has detected parsers vulnerable to LogoFAIL in hundreds of devices" from Lenovo, Supermicro, MSI, HP, Acer, Dell, Fujitsu, Samsung, and Intel.
This means there is no stopping hackers from hijacking virtually all hardware makers for both consumer- and enterprise-grade models.
Worst of all, the attacks prey on over two dozen vulnerabilities that have existed for years. Binarly only detected hackers using the exploit in under a year.
How Does the New LogoFAIL Firmware Attack Works
As a firmware attack, LogoFAIL does not require physical access to devices to remotely control them.
According to Binarly, LogoFAIL attack can be executed via "image parsers" during the boot-up sequence of the device.
There, hackers will be able to disguise themselves as part of the operating system and gain access to personal files in the devices. Of course, this can only work if the infected device is connected to the internet.
New discoveries of system vulnerabilities only serve as "further proof of the endemic security problems that affect the firmware supply chain ecosystem," BinarLy stated.
How to Protect Devices from Firmware Cyberattack
While there is not much program and software developed to counter this specific exploit, Binarly advised Windows and Linux users to know how to detect similar attacks in the future.
It is also advised to not put all personal data in one device or connected to one device to prevent bad actors from gaining full access to all identity verification requirements.
Constantly updating the device can also work as big tech companies regularly provide security updates to their live services.
Related Article : How to Secure Your Personal Data on Google Chrome