Temple os remains unaffected
the true temple of the mind (the schizoid mind)
The only 2 users of Temple OS can breathe a sigh of relief now.
@snowflakemelter7171
>he doesn't use Temple OS as a daily driver
Couldn't be me.
AMEN BROTHER 🐘
if you trust nobody, not even your shadow, nobody, I REPEAT, nobody can trick you
Are we not going to talk about the fact that they got 3rd place and only $100 for this?
For real, these competitions are just to steal from the winner
wtf, no way
I wanted to see what earned first and second place... Can't find anything about the program...
FFS
@@TheVexCortex Probably just some crap "AI" model stolen from GitHub. I've attended a number of hackathons and most of them are just shameless bullshitting competitions.
This isn't really a Linux security issue but a generic security flaw in the UEFI that has already been patched for a large number of systems. So this is nothing new. I think the more subtle point of this video is more about Linux not being inherently more secure than Windows if precautions aren't taken and vigilance not maintained.
I'm still confused on how you would "accidentally" get this onto your system. Most of the security issues require some pretty stupid actions on the part of the user - or physical access to the machine.
@@dont.beknown5622 the least secure part of any computer is usually sitting between the screen and the chair
@@dont.beknown5622 Never underestimate the capabilities of the security problem 30cm in front of the screen
@@dont.beknown5622 Simple, you can install it as a "software" from outside/user repos.
@@dont.beknown5622 Have you heard of an Evil Maid Attack?
As Linux continues to gain popularity for desktop use, I anticipate we'll start to see more genuine malware targeting common distros.
Suffering from success.
Luckily by then I will be using my own abomination fork of my common distro of choice in the future
@@Amaling and it's gonna be more secure? 😅
@@augustday9483 or buying an AMD CPU is more secure on Linux with memory encryption
that's when we are moving to bsd and haiku
Anyone who leaves systemd vulnerabilities in place deserves what they will get.
Actually, this could be quite useful. I have some old Cisco servers that refuse to boot because they don't have a good signature and it's impossible to turn off secure boot (thanks Cisco). This is intentional and is confirmed on their forums.
I'd really like to bypass secure boot somehow and use these servers some day
yep, kinda like mtkclient
Jailbreak your Ciscos?
Get them cisco bastards
based malware 😎
@@pommy_the_mimic Cisco SUCKS! I'm glad EFI secure boot is being researched like this, we need to be able to bypass secure boot on the upcoming Windows 365 Link device.
i hate AI generated images so much it's unreal
well with the release of sora you'll be watching ai generated videos from now on! A whole new dimension of uncanny!
Same. Why not draw a pretty little picture? Doesn't even have to look good, just not nauseate the audience like AI crap
same
@@SockTaters agree. shitty mspaint is way more entertaining and endearing than ai images.
what? you're telling me that you don't like art being replaced with soulless images generated by an ai? how dare you!
Legacy BIOS gang, how we doing? 😎
please just give me some money
i7-980X! Still alive.
We chillin :)
Fine, brother!
gotta patch it ourselves.
Using Secure Boot with Nvidia and other proprietary drivers can be a PITA, so most people don't use it to begin with. A lot of Linux users are vulnerable to this type of attack.
Signed Nvidia drivers are pretty sweet in Fedora 41, finally.
1. I patched my system IMMEDIATELY in January of 2024
2. The img in my boot sequence is disabled.
I think I'm good...
@marbens I haven't got around to doing it on my Lenovo laptop because I'd have to reinstall Windows again. It's almost like Windows is more secure than Linux in this area unless you spend a lot of effort.
Bruh, when I have my x86 assembly book, still with me from uni, and hear about this; it is insane how small a memory reallocation is needed to fool certificates. Holy shit, wow.
Not even IF, but WHEN this gets more popular, this will be an absolute nightmare to deal with for a lot of people.
I give it a week.
They will hotfix the bmp lib and it will be over, I hope
You can just clear the CMOS jumper and/or pull the CMOS battery to restore the firmware, it's not that serious.
@@PtolemyPetrie I hope this is a troll post.
I'm still using an ASRock AM4 board from 2018 that already patched LogoFAIL in January
Geez. I'm gonna go back to filing cabinets, and cathode ray tube televisions. Life was easy.
My IBM PS/2 286 still works great
How will you get the data onto paper? Printer spool virus vulnerability?
@@contradictorycrow4327 Typewriter
Feels like a nothingburger. LogoFAIL is a previous vulnerability, and as soon as you have rights to install a new bootloader AND you can enroll keys, all bets are off. Reminder, that you need to execute code as root to exploit logofail and install a new bootloader. It's almost like saying if you exploit dirtycow to gain root on systems still vulnerable, then you can run arbitrary code as root on the system.
It's a good demo of existing techniques, but no new revolutionary technique was used, just a clever combination.
this being said, as Linux becomes more popular more idiots are gonna start sudoing at every little thing. it is definitely good to know. and motherboard manufacturers are not always super clear. I've seen a few ASUS BIOS updates that say "we fixed LogoFAIL" but some that don't say anything about LogoFAIL at all (including mine, ROG STRIX B450-F GAMING.)
Exactly my thoughts.
My brain can identify bot comments and it won’t even let me look at them it’s just auto skips them
Good skill to have nowadays
@@polandman07 Dystopian as fu
Thanks for this excellent video. That's why I have SecureBoot with my own PlatformKey enrolled and the latest firmware installed to mitigate LogoFAIL. Yet, it absolutely does not invalidate the point that UEFI opens an unnecessary attack vector.
I didn't deep dive in this, but isn't the point of this malware to overwrite keys?
Protection for this is to implement the LogoFAIL security patch for your mobo, that was most likely issued at the start of 2024.
Updating your firmware via fwupdmgr often doesn't have the latest from the manufacturer. LVFS works best when manufacturers use it, but when they don't it can give a false sense of security. I've had to boot Windows just to update the firmware for both Lenovo and HP.
I bumped into that problem (on HP G1 IIRC). You needed a win install to create the update usb or some dumb stuff like that on an old HP.
I solved it by installing a virtual Linux machine and running the HP BIOS "create USB stick .exe" there, and it worked. (I tried doing it with Wine, but with no success)
But I DO remember faceslapping that they only released it for Windows this way.
But FYI, you only need a virtual machine to create the update media, not a bare metal install.
Can be done from another machine, the VM does NOT have to be run on the machine you want to update the BIOS on.
On newer HP machines, you can update the bios via internet directly in BIOS by just connecting a physical lan cable with access to the internet.
@@unconnectedbedna *nod* The fact that ASRock offers a "BIOS ROM in a Zip file" download is one of the contributing factors to my decision to build my latest Linux box around one of their boards about a year ago.
can't believe youtube shadow banned this video for 1 minute...
How do you determine if a video is shadow banned?
@@SockTaters it's a joke
@@SockTaters r/woooosh
@@Foxyy01 I don't get it either.
It was not, look into how yt comment processing looks for the first few mins after upload
ai generated cat laptop.jpeg
Ewww
oh god the comment section is already filled with bots
yeah, lots of temple os bots and ai is bad muppets
(points gun) "Always has been."
coreboot chads keep winning
wish more laptops came with it ootb
@@darukutsu same, we need more stuff like system76
Then you would have more people targeting coreboot, and CVEs filed for that. What is the most used is the most targeted.
Yeah, wish more laptops had coreboot support.
Only device I have that supports coreboot is my ThinkPad T530, which I installed coreboot with tianocore on, quite nice to use!
@@RetroDelete ThinkPad bros just keep winning
took a very big poo earlier, not feeling good.
You need a bigger one
i cant blee
@@stefanjones8042 i'm getting there..
Working on one right now
Keep us updated
Logofail has been patched already. This would only affect any system that hasn't done the security update.
The problem is that patching LogoFAIL requires a UEFI firmware flash. Which, even if you do everything exactly correctly, still has a decent chance of bricking your motherboard. Attempting to flash my old system to fix this is what led me to my most recent system build :P
How often do you update your bios? Most people don't. Most people don't even know what that is. It's usually not even recommended to update bios, despite the possibility of security patches.
The last bios update made for my system was 2018 mann.
Assuming a lot of systems with this vulnerability will ever get another UEFI update.
@@Pro_Triforcer Windows automatically includes BIOS updates with Windows Update, so probably more often than you think.
To be or not to be a bot. This is the question
Predicted ages ago that, with the likely exodus from Microsoft Windows to Linux as Win10 support nears EoL, hackers and malware makers will exploit the vulnerabilities in Linux on a scale never seen.
Dude there are so many bots in the comments.
Dead Internet theory becomes more believable every day.
I dunno some dude was telling us about the dump he took
I dont think there's a bot that does that
@@nuclearicebreaker i could swear, these bots are getting more advanced by the day!
So says the guy with the Ukraine-ish avatar. 👏😉
@@interstellarsurfer So if someone has yellow and blue in their pfp they are a bot?
has already been released as BootyKitty
I'm really curious as to what the image at 1:00 is supposed to be, it appears to be a cat with its paws on a laptop, but the laptop has a macropad instead of a trackpad?
All I know is that its most likely AI Generated
It's AI generated trash used by someone who doesn't understand they shouldn't be using that crap.
@@OhhCrapGuy I know it's ai generated, I'm curious what sort of prompt you would have to use to get that nightmarish of an image
algorithm. Thanks for doing all the work to find, understand, and explain these events. Greatly appreciated!
Absolutely horrifying (5 years ago)
Awesome overview, and kudos for prompting folks to patch!
This is why you run TempleOS
With pissandshittium (google that and look for the ghub) as web browser right?
God protect us✊🙏🙏
this is how skynut is formed
Nice, same idea as tracking pics, but deeper in the system, nice work!
This is why tools such as a Librem Key are important. If your system changes it changes the code. If your boot code doesn't match with the Librem Key code, it will notify you that something changed within the UEFI/TPM/Bitlocker, etc. If you made the change, update the code. If not, factory reset everything.
The LogoFail vulnerability is a year old now. Haven't motherboard manufacturers released updated BIOS to fix it?
What about disabling the splash screen, opting for the POST text instead?
If I remember correctly, this was a way to mitigate the image vulnerability by not loading one at all...
00:30 when a kitty cats
been a dev for 10 years and kept my head in the computer for 20 years and I've never done one single BIOS update :)) always been scared of bricking the computer
If I were you I would keep that to myself unless I want to ridicule myself as a "dev".
Being an insecure entrypoint to any project you work on is probably something you want to keep your mouth shut about. You are quite literally a risk to work with.
@@unconnectedbedna You're acting as if the majority of IT workers practice common sense cysec.
They don't
@@unconnectedbedna Any company worth their salt has MDM software that prevents this. Plus, keeping quiet is the worst possible thing you can do. We all make mistakes, the sooner we admit them, the sooner we can fix them. I'd rather hear the security team at my workplace say they missed something in their testing procedure than have a dev come up to them with that same problem because they decided to keep quiet.
Thanks for the explanation. I can now know for sure that I got 2 bootkits on 2 laptops of mine 😂
My work is called unified emergent field theory. And I misread you using that acronym 😂. I was like who made a booklet in my work. 😮💨
Still safer than Windows... Good Info, thanks for reporting this.
No
@iamwitchergeraltofrivia9670 Are you one of those Linux ully-Trolls or is there an intelligible response to be made on your behalf?
@@SG_GLOBAL Linux safer than Windows is like a laughable statement. By that logic TempleOS is the most secure system. The most vulnerable link is always the user, and the more obscure and unknown the OS, the less chance the user would be dumb in his actions.
@@salce_with_onion Valid. OPSEC is the largest issue under today's surveillance state.
Hey Outlaw, does secure boot protect linux and do you recommend it? I ask because most distros don't support secure boot.
The real shocker was that they have a "best of the best" competition, still valuing excellence. Over here it feels like everybody gets a participation trophy.
All I know is that everything I do on my Linux desktop takes half the time it did when I last used Windows, with no constant crashes of QGIS. As far as the bootkit goes, I'm sure it will be taken care of before I upgrade to the next version of Mint (22.1).
1. No software in userspace on EARTH can protect you from this. (there is absolutely nothing mint or any distro can do about this)
2. It already IS patched, in January of 2024. LogoFAIL firmware patch for your MOTHERBOARD.
firmware updates applied, thanks for the reminder!
BMP files are actually often compressed. Run length encoding, the lowest form of compression (bad but helps a lot for a small logo on a black background).
Yeah, he likely meant that BMP are lossless, rather than lossy. People usually refer to lossless as uncompressed, even if reversible binary compression techniques are used.
Attempt # 4.
Trying to get your attention to check your microphone because your S letters sound like a sword cutting something.
From the 💻Linux to the 🎋virus to the 🛤️UEFI to the 😺bootkitty🗣️🔥🔥🔥 wheres my 🏥Programmer always when my bios is broooookeeen💀
This method isn't old news. This bmp method was also used on older Sony PSP models as a viable way to jailbreak it.
4:29 say that again
GET OUT OF MY HEAD
LINUX TUAH
@@pecopeco2815 Tux Tuah, sudo on that thang
what
I once heard 1 out of 3 comments is by a bot, but this comment section is more like 9/3 comments is by a bot!
That penguin pops back up like, I hope no one saw that lmao
What if your old computer doesn’t get the update?
Don't most people keep secure boot off anyways in order to dual boot?
What do you think of Libreboot in 2024?
Gonna go make my own bootloader to btfo all malware by security by obscurity.
As a person who uses an InsydeH2O BIOS, this scared me a little bit cus my manufacturer doesn't provide new BIOS updates anymore
lmao same. really makes you feel like you're still using Windows XP after all this time!
Joke is on y'all, I disable the fullscreen logo because I think the debug and boot information looks better
Joke's on me, I GET NO extra information by disabling it, just a black screen instead. xD
Still disabled it when patching this security flaw in January of this year though...
@@unconnectedbedna I mean yes I do too. But, I always did. I don't like other people's logos on the machine that I put together.
You should do videos on how to patch these vulnerabilities as they come out.
The footage of penguins throwing themselves from the cliff was masterfully put.
haha I was so mad when Gigabyte removed the ability to replace the Aorus logo, but they said it was a sec vuln
All this is assuming someone has gained access to your Linux system and has replaced the grub bootloader (bootx64.efi) and the signed linux kernel with a malicious binary. This would imply they have your root password to install the firmware. Far-fetched but possible. But since they cannot modify the UEFI BIOS itself, the hash keys stored in the TPM would fail the match and the Kernel wouldn't boot in the first place.
so what happens if say the BIOS hasn't been updated by the motherboard manufacturer since oh idk 2018
This is an EFI issue, not so much a Linux issue. Also, Linux (and intelligent Windows users) will zero a disk and reinstall, not "reset", and this process wipes everything on disk including the EFI partition and boot loader.
Also what about those of us with uptimes of over a thousand days? I mean, you don't have to reboot Linux to update it. It isn't Windows. Could this even affect a system that never reboots?
how would you go about recovering a compromised system???
That interests me too... at worst send it to some specialist to flash the entire UEFI. I think Chernobyl did a similar thing. My mate had it back then. Nasty stuff.
Probably just a BIOS/UEFI flash.
7:40 And yet that's impossible to do w/o installing Windows first on my Lenovo laptop, genius.
you could probably easily see if your system is infected by, directly after setting up your OS, making a clone of your MBR partition to an external drive and once in a while checking bit for bit via a live Linux whether it is still the same as the MBR on the disk.
Logofail and now this, should’ve just listened to Luke Smith and use BIOS.
I’m almost positive that he is luke smith. 😂
The best of the best is also a very fun and cheesy 80's karate movie x)
so they discovered NSA toy and now it's going to be fixed in the future?
1:01 the cat on the laptop is AI
You are clearly an AI bot
No shit.
The more popular the OS means more attacks on said OS.
at least using this, we are able to understand how this could occur in the wild, and possibly the vulnerability can be patched up, right?
It was, in January 2024.
LogoFAIL security patch for your mobo.
if all the small businesses would understand the scope of such vulnerabilities..
I feel like we are on the verge of an internet dark age...
Always had a problem getting grub to work with secure boot. Constantly put it off, but now it seems I have no choice.
I half expect bootkitty to become a popular VTuber channel name and it'll completely drown out this entire discussion about this.
Could you make a video on your thoughts about SteamOS?
It's been more than 10 years since I've seen something similar.
But this still requires physical access.
so what do i do if im using 20 year old technology?
Pray? Buy new gear? One of those.
@@FlameForgedSoul ibm is love, ibm is life.
@@Super61a Best space heaters ever made. 👍
@@FlameForgedSoul New stuff already has built-in malware, Intel ME and AMD PSP. Cell phones also have embedded malware.
@@Compact-Disc_700mb Why don't the feds use them then?
How does the attacker get the bmp onto the flash chip or wherever the original boot logo lives?
Would this affect a Type 1 hypervisor? Probably just the OS running on the bare metal?
then all we got to do then is update the bios?
What would the path of infection be, how do they install it (if someone decides to use it non-ethically)?
I have been working through Jon Erickson’s book. The NOP sled seems to constantly fail due to stack canaries. You mentioned memory randomization not working, but are stack canaries not enabled when working at the point of bootup?
Awww but it has such a cute name tho!!!
How compatible is this? Like if you just made a custom kernel patch with extra init functions to directly block the functionality does it have workarounds? Is it possible to create an encryption stream for all kernel memory, mapping of function/data to specific locations, etc., such that even an EFI level process with secureboot permissions could not inject itself? I’ve always wondered about bootkits for linux cause the process is so much more variable. You could have the actual kernel files themselves and boot process files on the disk, randomize layout and labeling schemes for functions et al. along with loading order, such that a precompiled binary would not be able to determine where/how to inject into the stack, memory, or disk.
UEFI doesn't *have* a Master Boot Record. It has an (or more than one) EFI System Partition.
Mean the version used in the comp seems cool 😎 I'd just it on my laptop with 100% vulnerability because the company hasn't updated it in almost 6 years... came out 7 years ago, as it turns out they don't care about the student machines
Of all my computers only one was patched to fix logo fail properly
Also happens to be the only expensive one made in last few years
how do you screw up something as trivial as a bmp decoder
My grandma had a black cat named Boo and she often called it Boo Kitty.
Sounds amazing. But how do you switch logo with the infected image without root access?
Master Boot Record mentioned.
So we have to be more careful on third party or unknown distro that does not supported by the community?
if(image.width > 0 && image.height > 0) fixes it
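The one-line "fix" above and the question of how a BMP decoder goes wrong, together with the RLE compression discussed earlier: the LogoFAIL flaws are bounds failures in firmware image parsers, and a positive width alone proves nothing. The following is an added example, not code from the video, any vendor or any UEFI implementation; the 4096-pixel dimension cap and the 76-byte sample file are constructed assumptions.

```c
/* Added example, not code from the video or any firmware vendor: bounds-checked BMP header
 * validation plus RLE8 decoding of the kind a boot-logo parser needs. Cap and sample are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BMP_MAX_DIM 4096u   /* assumed limit; a boot logo never needs more */
#define BI_RGB  0u
#define BI_RLE8 1u
typedef struct { uint32_t width, height, bpp, compression, off_bits; int top_down; } bmp_info_t;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xffff); wr16(p + 2, v >> 16); }
/* Range-checks every header field before it feeds any size computation; 0 = ok, <0 = failed check. */
int bmp_validate(const uint8_t *buf, size_t len, bmp_info_t *out)
{
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;
    uint32_t file_size = rd32(buf + 2), off_bits = rd32(buf + 10), hdr_size = rd32(buf + 14);
    int32_t w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    uint16_t bpp = rd16(buf + 28);
    uint32_t comp = rd32(buf + 30);
    if (file_size > len) return -2;                         /* claims more than we hold */
    if (hdr_size < 40 || hdr_size > len - 14) return -3;
    if (off_bits < 14 + hdr_size || off_bits > len) return -4;
    if (w <= 0 || h == 0 || h == INT32_MIN) return -5;      /* INT32_MIN: -h would overflow */
    uint32_t height = (uint32_t)(h < 0 ? -h : h);
    if ((uint32_t)w > BMP_MAX_DIM || height > BMP_MAX_DIM) return -6;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return -7;
    if (comp != BI_RGB && !(comp == BI_RLE8 && bpp == 8)) return -8;
    if (bpp <= 8) {                                         /* palette must fit before the pixels */
        uint32_t colors = rd32(buf + 46) ? rd32(buf + 46) : 1u << bpp;
        if (colors > 1u << bpp || (uint64_t)colors * 4 > off_bits - 14 - hdr_size) return -9;
    }
    uint64_t need = (((uint64_t)w * bpp + 31) / 32) * 4 * height; /* capped dims: no overflow */
    if (comp == BI_RGB && need > len - off_bits) return -10;
    out->width = (uint32_t)w; out->height = height; out->bpp = bpp;
    out->compression = comp; out->off_bits = off_bits; out->top_down = h < 0;
    return 0;
}
/* Decodes BI_RLE8 pixels into out (width*height bytes, rows in stored order); every read and write is checked. */
int bmp_decode_rle8(const uint8_t *buf, size_t len, const bmp_info_t *bi, uint8_t *out)
{
    size_t in = bi->off_bits, x = 0, y = 0, w = bi->width, hgt = bi->height;
    memset(out, 0, w * hgt);
    while (in + 1 < len) {
        uint8_t count = buf[in], val = buf[in + 1];
        in += 2;
        if (count > 0) {                                    /* encoded run: count pixels of val */
            if (y >= hgt || x + count > w) return -1;
            memset(out + y * w + x, val, count);
            x += count;
        } else if (val == 0) { x = 0; y++; }                /* end of line */
        else if (val == 1) return 0;                        /* end of bitmap */
        else if (val == 2) {                                /* delta: move the cursor */
            if (in + 1 >= len) return -1;
            x += buf[in]; y += buf[in + 1]; in += 2;
            if (x > w || y > hgt) return -1;
        } else {                                            /* absolute: val literal bytes, even-padded */
            size_t n = val, padded = (n + 1) & ~(size_t)1;
            if (in + padded > len || y >= hgt || x + n > w) return -1;
            memcpy(out + y * w + x, buf + in, n);
            x += n; in += padded;
        }
    }
    return -1;                                              /* input ended without end-of-bitmap */
}
int bmp_load_rle8(const uint8_t *buf, size_t len, uint8_t *out, size_t cap, bmp_info_t *bi)
{
    int rc = bmp_validate(buf, len, bi);
    if (rc) return rc;
    if (bi->compression != BI_RLE8 || (size_t)bi->width * bi->height > cap) return -20;
    return bmp_decode_rle8(buf, len, bi, out);
}
/* Constructed 76-byte sample: 4x2, 8bpp, RLE8, 2-entry palette. Variant 1: first run claims 5 pixels on a 4-wide row; variant 2: width = 2^31-1. */
size_t build_sample_bmp(uint8_t *b, int variant)
{
    static const uint8_t rle[14] = { 4,1, 0,0, 0,3, 0,1,0,0, 1,1, 0,1 };
    memset(b, 0, 76);
    b[0] = 'B'; b[1] = 'M';
    wr32(b + 2, 76); wr32(b + 10, 62); wr32(b + 14, 40);
    wr32(b + 18, variant == 2 ? 0x7fffffffu : 4u); wr32(b + 22, 2);
    wr16(b + 26, 1); wr16(b + 28, 8); wr32(b + 30, BI_RLE8);
    wr32(b + 34, 14); wr32(b + 46, 2);                      /* biSizeImage, biClrUsed */
    b[58] = b[59] = b[60] = 0xff;                           /* palette entry 1: white */
    memcpy(b + 62, rle, sizeof rle);
    if (variant == 1) b[62] = 5;
    return 76;
}
int sample_rc(int variant) {                                /* loader result for a sample variant */
    uint8_t f[76], px[8]; bmp_info_t bi;
    return bmp_load_rle8(f, build_sample_bmp(f, variant), px, sizeof px, &bi);
}
int sample_pixel(size_t i) {                                /* one decoded pixel of the good sample */
    uint8_t f[76], px[8]; bmp_info_t bi;
    return (i < 8 && bmp_load_rle8(f, build_sample_bmp(f, 0), px, sizeof px, &bi) == 0) ? px[i] : -1;
}
int main(void) { printf("good rc=%d, overlong run rc=%d, absurd width rc=%d, row 1 = %d%d%d%d\n",
    sample_rc(0), sample_rc(1), sample_rc(2), sample_pixel(4), sample_pixel(5), sample_pixel(6), sample_pixel(7)); return 0; }
```

The overlong run (variant 1) is exactly the write that an unchecked decoder would carry past the end of the pixel buffer, and variant 2 passes a `width > 0` test while describing an image no logo buffer could hold.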
True, now I'm a min 57 in and I can already guess a real think-outside-the-box method. I assume they secured everything in the boot but the logo, so they were able to inject and reverse engineer from the logo. Pretty smart, and back then most companies wouldn't think about that, and now most companies would never update that. Well, now they will, just for something new.
You know how they say "enough internet for today"? Maybe we should skip internet for ever.
I once found an image like this on a public healthcare website. While waiting to register there it took too long to load, so I did the GTmetrix test and an image of ~200x200 of 4-10MB popped up :/ the website didn't have a bug bounty....
my OEM still hasn't released a UEFI update....I am cooked
What if you just never have your logo show up on bios start anyways because of your settings?
So the UEFI is compromised but systemd-boot is safe?