
LogoFAIL - Do we need to worry?


I was surprised that Linux was equally vulnerable.

What is the best protection from it?

From what I was reading, the only thing to protect yourself is to wait for your specific mobo manufacturer to publish a BIOS update.

Lenovo can disable EFI/BIOS updates on at least some laptops, Dell does it automatically.

But I question the ease of infection on this.
You're likely to notice an image change in startup, which means extracting the image, infecting it, then replacing it. Infecting an image isn't that easy, much less doing it through multiple OSes, OS versions, plus the payload of the image extractor and upload, and then you have the code itself you want to run. Some reports were that this could be done remotely, ehhh... That's quite a large amount of data to move and you're going to be limited on space in the BIOS/EFI. Not saying it can't be done or it's even difficult, just not as easy to do in the wild through online means.

This would be more easily pulled off through an email attachment than a drive-by like some sites were reporting, and so long as you're somewhat vigilant and have either a good alternate A/V program (i.e. NOT Defender*) or run Linux or Mac, you're probably pretty safe.

You shouldn't need to wait for mobo manufacturers; all the OS, computer and motherboard manufacturers who allow you to change that image know how to change the image, which means they should know how to block changing the image as well. All you have to do is block/password protect/limit the command that allows you to change the file. The real problem now becomes who's ultimately going to do that work: OEMs can claim MS and Linux devs, MS and Linux devs can blame OEMs, and nothing gets done ("not my job"). Happens all the time, you see it all the time in adware/spyware/malware.

*Defender itself isn't bad, the problem is, all your eggs are in one basket controlled by one company, and worse, that same basket is the same basket as everyone else's, making it a very large target.

What if you download and play pirated g4m3z ? :-X


--- Quote from: tp4tissue on Thu, 07 December 2023, 20:18:55 ---
What if you download and play pirated g4m3z ? :-X

--- End quote ---
Then you're either already infected by other (probably worse) stuff or you already know how to protect yourself.

