LogoFAIL: The UEFI Vulnerability Putting 95% of Machines At Risk


The mere definition of a zero-day vulnerability fuels the nightmares of IT professionals across the globe. A zero-day vulnerability is one that is unknown to the owners of the affected platform or product, to the party responsible for it and its developers, and to anyone else capable of mitigating it. Recently, a zero-day vulnerability was discovered in nearly all commercially available computers.

In a blog entry by Christian Vasquez of CyberScoop, we follow along as he explains how the logo you see every time you turn on your computer has the potential to open the door to a virus that is seemingly impossible to remove from your computer.

The ultimate zero-day being discussed is aptly named LogoFAIL, and was unveiled by cybersecurity firm Binarly at Black Hat Europe. The exploit targets the bootup logo displayed by most devices, compromising nearly 95% of consumer hardware. Vulnerabilities in BIOS startup software from major vendors like Lenovo, American Megatrends, Phoenix Technologies, and many others allow hackers to execute unsigned code by replacing the logo image file with a malicious one.

“The exploit targets the bootup logo displayed by most devices, compromising nearly 95% of consumer hardware.”

– Christian Vasquez, CyberScoop.com

Vasquez goes on to describe how this malware is notoriously difficult to remove from a PC because it embeds itself in the most fundamental part of a PC’s motherboard. The difficulty in combating this sort of malware lies in its ability to circumvent early boot security measures, granting hackers deep control over systems.

