article thumbnail

New Windows/Linux Firmware Attack

Schneier on Security

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure (..)

Firmware 307
article thumbnail

Backdoor Built into Android Firmware

Schneier on Security

In 2017, some Android phones came with a backdoor pre-installed : Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. That meant the malware could directly tamper with every installed app. This is a supply chain attack.

Firmware 260
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Windows/Linux Firmware Attack

Security Boulevard

Interesting attack based on malicious pre-OS logo images : LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux….

article thumbnail

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware 142
article thumbnail

OCP Launches SAFE to Standardize Firmware Audits

Dark Reading

Under the Security Appraisal Framework and Enablement (SAFE) program, device manufacturers would be able to work with approved auditors to verify firmware.

article thumbnail

LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions at Risk

Penetration Testing

Numerous security vulnerabilities collectively known as LogoFAIL enable malefactors to interfere with the booting process of computer devices and implant bootkits, owing to issues related to image analysis components used by motherboard manufacturers for... The post LogoFAIL Vulnerabilities Expose Firmware Attacks: Endpoint Security Solutions (..)

article thumbnail

Gigabyte firmware component can be abused as a backdoor

CSO Magazine

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild.

Firmware 103