Kyle Marcelino Tech

Windows, Linux Devices All at Risk of New Firmware Cyberattack

Almost all Windows and Linux devices are vulnerable to a new form of LogoFAIL firmware attack, according to cybersecurity group Binarly.

Windows, Linux Devices All at Risk of New Firmware Cyberattack
(Photo : Kyle Marcelino/iTech Post via Microsoft)

The new cyberattack is reportedly capable of hacking computers by targeting the device's boot-up sequence, allowing bad actors to high level of control over the device.

Binarly noted that the malware can bypass Intel's Secure Boot and other similar protections against so-called bootkit infections.

The cybersecurity firm already that noted it "has detected parsers vulnerable to LogoFAIL in hundreds of devices" from Lenovo, Supermicro, MSI, HP, Acer, Dell, Fujitsu, Samsung, and Intel.

This means there is no stopping hackers from hijacking virtually all hardware makers for both consumer- and enterprise-grade models.

Worst of all, the attacks prey on over two dozen vulnerabilities that have existed for years. Binarly only detected hackers using the exploit in under a year.

Also Read: Google, Apple Rolls Out Emergency Updates to Fix Zero-Day Exploits on Chrome, iOS

How Does the New LogoFAIL Firmware Attack Works

As a firmware attack, LogoFAIL does not require physical access to devices to remotely control them.

According to Binarly, LogoFAIL attack can be executed via "image parsers" during the boot-up sequence of the device.

There, hackers will be able to disguise themselves as part of the operating system and gain access to personal files in the devices. Of course, this can only work if the infected device is connected to the internet.

New discoveries of system vulnerabilities only serve as "further proof of the endemic security problems that affect the firmware supply chain ecosystem," BinarLy stated.

How to Protect Devices from Firmware Cyberattack

While there is not much program and software developed to counter this specific exploit, Binarly advised Windows and Linux users to know how to detect similar attacks in the future.

It is also advised to not put all personal data in one device or connected to one device to prevent bad actors from gaining full access to all identity verification requirements.

Constantly updating the device can also work as big tech companies regularly provide security updates to their live services.

Related Article: How to Secure Your Personal Data on Google Chrome

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Windows microsoft Linux Cybersecurity Cyberattack

Company from iTechPost

  • Twitter

    Twitter

    Twitter is a microblogging and social
  • Sony

    Sony

    Japanese multinational conglomerate
  • Meta

    Meta

    Meta Platforms, Inc., doing business as
  • Intel

    Intel

    Intel's mission is to shape the future

More from iTechPost