Windows, Linux Devices All at Risk of New Firmware Cyberattack

Almost all Windows and Linux devices are vulnerable to a new form of LogoFAIL firmware attack, according to cybersecurity group Binarly.


The new cyberattack is reportedly capable of hacking computers by targeting the device's boot-up sequence, giving bad actors a high level of control over the device.

Binarly noted that the malware can bypass Intel's Secure Boot and other similar protections against so-called bootkit infections.

The cybersecurity firm already noted that it "has detected parsers vulnerable to LogoFAIL in hundreds of devices" from Lenovo, Supermicro, MSI, HP, Acer, Dell, Fujitsu, Samsung, and Intel.

This means there is no stopping hackers from hijacking devices from virtually all hardware makers, both consumer- and enterprise-grade models.

Worst of all, the attacks prey on over two dozen vulnerabilities that have existed for years. Binarly only detected hackers using the exploit in under a year.

How Does the New LogoFAIL Firmware Attack Work

As a firmware attack, LogoFAIL does not require physical access to devices to remotely control them.

According to Binarly, the LogoFAIL attack can be executed via "image parsers" during the boot-up sequence of the device.

There, hackers will be able to disguise themselves as part of the operating system and gain access to personal files on the devices. Of course, this can only work if the infected device is connected to the internet.

New discoveries of system vulnerabilities only serve as "further proof of the endemic security problems that affect the firmware supply chain ecosystem," Binarly stated.

How to Protect Devices from Firmware Cyberattack

While not much software has been developed to counter this specific exploit, Binarly advised Windows and Linux users to know how to detect similar attacks in the future.

It is also advised not to keep all personal data on one device, or connected to one device, to prevent bad actors from gaining full access to all identity verification requirements.

Constantly updating the device can also work, as big tech companies regularly provide security updates to their live services.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
