LogoFAIL, a series of vulnerabilities in UEFI image parsers

LogoFAIL is a set of vulnerabilities affecting various image parsing libraries used in UEFI

A few days ago, Binarly researchers disclosed, in a blog post, a series of vulnerabilities in the image parsing code used in the UEFI firmware that runs under Windows and Linux systems, on both x86 and ARM-based devices. The vulnerabilities are collectively called LogoFAIL because they reside in the UEFI image parsers that display the manufacturer's logo when the system boots.

The concern arises from the injection of image files into the EFI System Partition (ESP), a critical component of the boot process. Although the vulnerabilities do not affect runtime integrity, they open the door to persistent attacks by allowing malware to be stored within the system.

About LogoFAIL

Binarly researchers say the vulnerabilities were identified during an analysis of Lenovo firmware built on platforms from Insyde, AMI and Phoenix, but firmware from Intel and Acer was also mentioned as potentially vulnerable.

The problem stems from the fact that most PC manufacturers use UEFI developed by a handful of companies known as Independent BIOS Vendors (IBVs), which allow computer manufacturers to customize the firmware, for example to display their own logo and other brand elements on the screen during the initial boot phase.

Modern UEFI firmware contains image parsers for several different formats (BMP, GIF, JPEG, PCX and TGA), which considerably widens the attack vector and with it the chance of a vulnerability slipping through. In fact, the Binarly team found 29 issues in the image parsers used in Insyde, AMI and Phoenix firmware, of which fifteen were exploitable for arbitrary code execution.

"This attack vector can give an attacker an advantage in bypassing most endpoint security solutions and delivering a stealthy firmware bootkit that persists in an ESP partition or firmware capsule with a modified logo image,"

The vulnerabilities arise from the injection of specially crafted image files, which can provide privileged local access to the ESP partition to disable UEFI security features and modify the UEFI boot order, and therefore allow an attacker to access the system remotely or to gain physical access to a target.

As a result, these flaws can compromise the security of the entire system, rendering "sub-OS" security measures, such as any kind of Secure Boot, ineffective, including Intel Boot Guard. This level of compromise means attackers can gain deep control over affected systems.

"In some cases, an attacker can use the logo customization interface provided by the vendor to upload these malicious images."

This new risk raises serious concern for users and organizations that rely on devices from major manufacturers such as Intel, Acer and Lenovo, and on UEFI firmware vendors such as AMI, Insyde and Phoenix.
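For defenders, one way to watch the ESP path described above is to inventory every file on a mounted ESP whose content looks like one of the five formats the article lists, and compare it with a known-good baseline. This is an added example, not code from Binarly or from this article; the function names, the sample directory tree and the magic-byte heuristics are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sniff_image(data):
    """Guess the image format from file content (heuristics), else None."""
    if data[:2] == b"BM":
        return "BMP"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "GIF"
    if data[:3] == b"\xff\xd8\xff":
        return "JPEG"
    # PCX: manufacturer byte 0x0A, version 0-5, encoding 1 (RLE)
    if len(data) >= 3 and data[0] == 0x0A and data[1] <= 5 and data[2] == 1:
        return "PCX"
    # TGA has no leading magic; version 2 files end with this footer signature
    if data[-18:] == b"TRUEVISION-XFILE.\x00":
        return "TGA"
    return None

def inventory_images(esp_root):
    """Return (relative path, format, sha256) for each image-like file."""
    root = Path(esp_root)
    found = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            fmt = sniff_image(data)
            if fmt:  # content decides, not the file extension
                found.append((path.relative_to(root).as_posix(), fmt,
                              hashlib.sha256(data).hexdigest()))
    return found

def diff_baseline(current, baseline):
    """Images that are new or whose hash differs from the baseline."""
    known = {(p, h) for p, _fmt, h in baseline}
    return [e for e in current if (e[0], e[2]) not in known]

def demo():
    """Constructed sample tree standing in for a mounted ESP."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor = Path(tmp, "EFI", "vendor")
        vendor.mkdir(parents=True)
        (vendor / "logo.bin").write_bytes(b"BM" + bytes(52))   # BMP-like
        (vendor / "boot.efi").write_bytes(b"MZ" + bytes(62))   # not an image
        baseline = inventory_images(tmp)
        (vendor / "logo.bin").write_bytes(b"BM" + bytes(51) + b"\x01")
        return baseline, diff_baseline(inventory_images(tmp), baseline)

if __name__ == "__main__":
    print(demo())
```

This covers only images stored on the ESP; a logo delivered inside a firmware capsule, the other path named in the quote above, is not visible to it.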

So far it is difficult to determine the severity, since no public exploit has been released and some of the now-public vulnerabilities have been rated differently by the Binarly researchers who found the LogoFAIL vulnerabilities.

This disclosure marks the first public demonstration of attack surfaces related to graphic image parsers embedded in UEFI system firmware since 2009, when researchers Rafal Wojtczuk and Alexander Tereshkin showed how a BMP image parser bug could be exploited for malware persistence.

Unlike BlackLotus or BootHole, it is important to note that LogoFAIL does not break runtime integrity by modifying the bootloader or a firmware component.

Finally, if you are interested in learning more about it, you can check the details in the following link.

