Sponsored: Stop data brokers from exposing your personal information. 😤 Go to aura.com/thiojoe to get a 14-day free trial and see how much of yours is being sold.
@tyroniebalonie
6 months ago
What if your motherboard has dual UEFI? Couldn't I just switch my UEFI if one of them got compromised, or does this infect both?
@AWIRE_onpc
6 months ago
no
@zenvio
6 months ago
ew no
@scrappychildhood6633
6 months ago
Would not be surprised if DARPA and other 3 letter agencies I won't mention had this for decades yet somehow it got in bad hands
@envyy_valo
6 months ago
ok (:
@joaquingomezullrich878
6 months ago
All of the firmware level malware could be solved by just putting a physical write enable jumper on the motherboard. The EEPROM is read-only by default; if you want to flash the chip, you just move the jumper and reset it when you're done. It's not like you're updating the UEFI/BIOS every week.
@fautex47
6 months ago
Yeah, why isn't this standard yet? Would love this on hard drives too
@marenjones6665
6 months ago
1) pretty sure this used to be a thing 2) laptops aren't designed to be opened 3) companies want us to be fully reliant on them for all services, so anything that straightforward is anathema to them. 😢
@futuza
6 months ago
Yes, I dunno why they don't just do this with UEFI. They basically used to back in BIOS land. It'd be nice to have this option for ssds as well
@marenjones6665
6 months ago
What I loved was an old mobo back in my Vista days (yes, laugh at me) that had tiny switches on it, like lightswitches, instead of jumpers. Flip switch, flash bios, flip switch back. No chance of mangling a jumper with my very clumsy fingers, no chance of dropping it in the carpet to be forever lost. Don't know why those never caught on.
@TheRealScooterGuy
6 months ago
@@marenjones6665 -- Power users loved them. But penny pinching took over manufacturing. EVERY penny matters when making millions of some item.
@ricardolmendes
6 months ago
You forgot to mention another way to stop this attack from working if your UEFI has the option to disable the boot logo. Disabling it will effectively eliminate this attack vector. This is especially useful for older motherboards that will never get a proper bios update to tackle this issue.
@Darkk6969
6 months ago
Good tip. Quick and easy to do.
@AccessRealty-p7k
6 months ago
How do you disable the UEFI ? Thank you 😊
@ricardolmendes
6 months ago
@@AccessRealty-p7k on most non-corporate desktop motherboards you have the option to disable the boot logo in the boot section of the UEFI menu. Some laptops (especially gaming brands) also have this option.
@Yezpahr
6 months ago
@@AccessRealty-p7k It's not the UEFI you disable, but the boot logo. First get into the UEFI/Bios by tapping F2 while the computer starts or maybe it's a different key for you. It's also possible access to the Bios was disabled if you bought it from an overly eager computer store.
@pafik_
6 months ago
Well, my older computer doesn't even have a UEFI so it doesn't support the virus at all 😂
@totalchaos1976
6 months ago
this is why it should be read only until a jumper is changed like the old days
@n.lightnin8298
6 months ago
Underrated comment
@Ether_Void
6 months ago
The attack would however still work with a logo stored on the EFI partition or NVRAM. Often NVRAM and EEPROM are combined into a single flash chip, in which case making it read-only wouldn't work. Also other parts of the firmware like Intel microcode, USB/Thunderbolt peripherals etc. can have security issues which would be baked into the motherboard after shipping. It's basically a 'pick your poison' type of situation.
@locklear308
6 months ago
*OEM's having 500 strokes per second at the thought*
@xmaniac99
6 months ago
Very practical solutions when you have edge boxes in the middle of nowhere and you need to remote flash.
@Ihavelostallporpuse
6 months ago
Most UEFIs store the settings on a flash chip, so if you make it Read only you couldn't change settings.
@Lebon19
6 months ago
Thanks a lot Thio for this! I just updated the BIOSes of my Gigabyte X570 Aorus Master... and proceeded to have all my settings wiped, including my fan curves. But it was worth it for this vulnerability alone.
@Tom-kl9jf
6 months ago
yes thanks Thio for the PSA, and me too. and don't forget your xmp settings
@cskillers1
6 months ago
For future reference, you can save your BIOS profile settings on your hard drive whenever you are updating the BIOS. Saving inside the BIOS profiles may also work, but on some mobos these are also wiped during the flash (only on some, though). In most cases you can use profiles from older BIOS versions on new BIOS versions just fine, but if there was a massive change in the upgraded version, using the old BIOS profile may bring a problem or not work as it should.
@Lebon19
6 months ago
@@cskillers1 I know about it. I just... only thought about it after the fact... when everything was gone.
@cskillers1
6 months ago
@@Lebon19 yeah happens man, happened to me too
@MichaelZimmermann
6 months ago
Attack 1 (EFI partition logo) shouldn't matter because that can be removed by wiping your disk (like any other virus). Attack 3 (SPI flasher) is actually very relevant for second-hand hardware because the seller or a previous owner could have done that to the board.
@rovano10
6 months ago
Exactly. Rather than risk anything, entire server boards are thrown away.
@Elytraz17
6 months ago
Why does this guy not get more views, likes, subs & comments? I love this guy's videos
@GregoryShtevensh
6 months ago
I doubled my internet speed, with nothing other than 2 batteries, a cut Ethernet cable, an uncut cable, some electrical tape, and a human sacrifice, and all thanks to this guy's videos
@Elytraz17
6 months ago
@@GregoryShtevensh really?
@RT-.
5 months ago
@@Elytraz17 Sort his videos by old 😉
@Elytraz17
5 months ago
@@RT-. ok?.......
@tigerscott2966
6 months ago
This is why it's a must to have an Arsenal today... You need extra computers, laptops and mobile devices and a backup hard drive..
@Lauren_C
6 months ago
Given that my hardware is well past any manufacturer’s support date (my desktop is 4th gen Core), I don’t exactly have much choice but to run the UEFI as is.
@maltron66
6 months ago
Despite being born into electronics, I was too much of a pussy to attempt a BIOS update by myself. Even though I've never bricked any of my devices and even though I've installed custom firmware on all of my consoles (which is basically the same thing as a BIOS update), I was always scared of fucking it up or something going wrong, like a power cut occurring at the most inopportune time. But after this video, I finally worked up the courage to do it. The update process itself took considerably longer than it did on some KZitem videos, plus I had a mini-stroke when the TV kept losing and finding the signal for half a minute, but all's well that ends well. My computer is safe and I learned something new. Thanks, TJ!
@issigonis975
6 months ago
I need to pluck up courage later if there is one available otherwise keep doing offline backups until I get a replacement which I don't need right now.
@justincase5272
6 months ago
Use a known good security suite (Norton, Bitdefender, etc.). These routinely check and guard the UEFI portion of the hard drive, in addition to monitoring actions of code running in your computer. Use a bios password, and not "password!" Mine won't allow any updates without it. Only update your bios with a flash file downloaded directly from your hardware manufacturer or the bios manufacturer. Never download or run software from the Internet unless it's from known good sources.
@casaraku1
6 months ago
It looks like you are not going to go out of business any time soon Mr. Joe..... always fun to be had. Cheers.
@erkamau9629
4 months ago
The only security tip for a non-updated BIOS is to block in and out malware calls with a good firewall
@ScientificZoom
6 months ago
It also accesses system-level privileges at first glance, but the next routine is where it turns tedious, as it comes up to the BIOS and just shows a rotating circle
@daylightdies7194
6 months ago
Thank you Joe and KZitem for recommending this. I'll jump on the PC now and check for a BIOS update 🇬🇧👍
@tuunaes
6 months ago
The more fashion bloat is added to something, the more vulnerabilities there will be. That would be good thing for various hardware designers to remember when thinking what fashion features they'll add. And BIOS flashing from Windows itself is also another vulnerable area.
@chromerims
6 months ago
Emphasizing, "The more fashion bloat is added to something, the more vulnerabilities there will be. "And BIOS flashing from Windows itself is also another vulnerable area."
@rovano10
6 months ago
And do you think the developers decide that?
@chromerims
6 months ago
@@rovano10 👍 " . . . decide that?" Provenance of these ideas -as with many bad and harmful ones- is a mystery; neither would I deign nor arrogate in claiming to be privy. Kindest regards, neighbours and friends.
@rovano10
6 months ago
@@chromerims Eyes and ears. I'm not saying it's like that always and everywhere.
@chromerims
6 months ago
@@rovano10 👍 ". . . fashion bloat . . . BIOS flashing from Windows itself . . ." ? Kindly see leadership of UEFI. Also, its board of directors comprised of representatives from cpu makers (intel, amd, arm), apple, microsoft, mfgrs (dell, hp, lenovo), and IBVs (ami, insyde, phoenix). *Quis custodiet ipsos custodes?* Kindest regards, neighbours and friends.
@Stepan_H
6 months ago
Thanks for the information. Slightly frightened, I checked the version of my actual "BIOS" and it includes a fix for this exploit. I generally update the firmware and software of all devices, precisely because it addresses not only bug fixes, but also various exploits.
@Mantikal
4 months ago
I had the misfortune of doing a BIOS update once - and just in that moment is when the power company had a power black out - instant brick.
@Eclipseternally
6 months ago
Updating my bios asap
@vaulter2k18
6 months ago
This is how Absolute Resilience works (formerly known as LoJack and CompuTrace). It embeds itself in the BIOS firmware. Only way to permanently remove it is to swap out motherboard which isn’t realistic for a laptop.
@Darkk6969
6 months ago
Yep, we use it at work. It's designed to marry itself to the motherboard.
@lunarfalacy2662
17 days ago
@@vaulter2k18 I've found that, at least for CompuTrace, installing any variety of Linux allowed me to get around both CompuTrace and the content filtering software it seemed to be bundled with.
@mahakleung6992
6 months ago
Thank you. I was unaware of this and will get our desktops and laptops flashed this week.
@garbhanmyles
6 months ago
May the gods bless your wee cotton socks, sir. Managed to get a BIOS update for these shenanigans which I was oblivious to. Thanks, boss! 🙏
@whoeverofhowevermany
6 months ago
There haven't been any instances of this attack type yet, and that's why it's important to post a video about it on a popular channel. Request heard.
@Natzawa
6 months ago
It's a double-edged sword since the hackers who didn't know are now aware of this.
@whoeverofhowevermany
6 months ago
@@Natzawa no, I think that's the only edge it's got. It's just telling people about an unexploited vulnerability. It doesn't count as a warning since there is no danger.
@fireteamomega2343
4 months ago
Because in any case it requires privilege escalation... anyway in most all scenarios it would be pointless to brick a computer you just spent time getting access to.
@rastahotep
6 months ago
First found one of these back in like 2014 on a friend’s computer, luckily for her mom had the exact same computer and I did a Hot Flash to be sure it would go..
@ActOfRandomKindnesss
6 months ago
New fear unlocked ☠️
@ivok9846
6 months ago
why? do you not think windows is more useful to hackers than bios? this won't even be used, just like spectre/meltdown....
@Rblx_GlamDoors
3 months ago
Agreed 💀💀
@Dariansweb
6 months ago
Good job. You had me captivated the whole video and I'm so ADD I barely make it 2 minutes. BIOS is always included in my mind when I look for updates on my computers, not just the OS or installed apps. Thanks!
@avvn9331
6 months ago
This is interesting. Are only laptops/PCs affected, or could it affect any other embedded devices too?
@michaelmonstar4276
6 months ago
I just saw this mentioned in the BIOS change logs over at ASRock earlier, but many versions note that it's not recommended to update to those for most older CPUs, of which I use one that's on an ASRock board. So... Yea, not sure what to do.
@catlover281
5 months ago
2:21 The BIOS provides a logo, no matter what. Sometimes, Windows Boot Manager may not have detected this and defaults to the Windows logo
@donaverboxwood
6 months ago
Am I correct in assuming that the standard "don't get a virus" advice - don't download sketchy files, don't open sketchy emails, virus scan everything you download, etc. - is still useful for preventing the virus from getting into a computer in the first place? Or is it possible to fall victim to this stuff without any user interaction?
@outasi_official
6 months ago
yes, this in itself would require user interaction. however in case there's a new exploit found that runs code without the user's interaction, you could still be infected with this.
@heckerhecker8246
6 months ago
Unless a new zero-day is found which just gives anyone who opens a web browser a virus, I'd say it's still good advice
@futuza
6 months ago
Yes, but zero-day exploits are extremely common (notice how often your browser and OS needs security updates for example)
@heckerhecker8246
6 months ago
@@futuza True, but by then a lot of damage has already been done (if it's discovered by some hacker)
@GabrielVilanova-n3p
6 months ago
Well we must do that at least till we get a proper firmware patch, until then: stay vigilant, keep running your third party anti-virus software in the background with all the active modules enabled, don't visit sketchy webpages, keep your web browser updated and obviously, only download your firmwares from the official manufacturer and so on.
@Norona-ym4gv
6 months ago
“shit my computer got hacked” “bring the hammer”
@Manic.miner2077
6 months ago
Thanks, luckily the Bios update for me was 2 updates ago.👍
@marijnmf2805
2 months ago
You wanna take the risk (in updating) or the risk (in letting yourself vulnerable)
@folterknecht1768
3 months ago
Yup - exactly that kind of shit was why I wasn't happy when, 10-15 years ago, OS-level BIOS flashing became a thing.
@mr2miach
6 months ago
Something to consider is discussing ways to remedy the infection if it does actually happen to someone. Willing to bet, if the motherboard allows you to change the image it also comes with a USB BIOS flash port that allows for BIOS updating, sometimes without requiring a CPU or RAM to be installed. You place the new BIOS on a USB stick, plug it into that specific USB port, and boot the MB. Overwriting the "infected" BIOS with an updated one I suspect would remove that infected image. That is of course, if the MB comes with that feature, but, like I said, if the MB allows for the image to be changed there's a good chance it has that port. The next part would be removal of the initial infection from the partition. Might be something where booting to a Linux boot disc would be beneficial. Haven't dealt with that specific type of infection yet so I'm just spitballing. It's handy to warn folks of new threats like you did in the video. It's also handy to share what to do in case you find yourself infected with such a threat.
@dzikidzikers4082
6 months ago
"It's a hack that replaces the image on startup with malicious code." Wait, you can change the startup image? I wonder what I should change my image to? (later in the video) "MSI users are safe because the startup image cannot be changed on these motherboards." Darn... well, at least I'm safe
@hb1338
6 months ago
NSA has been creating and remotely deploying firmware-based malware for more than twenty years. It has also created and remotely deployed malware which resides in areas of the hard disk which are unknown (and therefore inaccessible) to conventional operating systems and apps.
@ActuallyMichael
6 months ago
I have a MSI motherboard so hopefully I'm safe
@pankoza
6 months ago
me too, and I have Windows installed in Legacy mode
@cylian91
6 months ago
@@pankoza you are safe in legacy mode but why do you run in legacy mode ?
@Oweblow
6 months ago
@@cylian91 Bro probably forgot to enable UEFI boot.
@pankoza
6 months ago
@@cylian91 the PC originally had Windows 7 and I didn't feel like enabling UEFI mode
@ChrisWijtmans
6 months ago
msi got hacked ... so no we are screwed.
@leo.hsu.0301
6 months ago
Surprisingly my Asus motherboard already got this covered in December 2023!!!
@SteinBeuge
5 months ago
If you've ever played a video game where people can use the international language font for their in-game names, you might have been done. If you shut down your PC and the "microsoft/international language pack" task is preventing shutdown, you've probably been done
@George-fu9vu
6 months ago
Them air quotes at friend "who knows about computers"🤣
@Rblx_GlamDoors
3 months ago
Solution: don’t change your logo
@_SJ
6 months ago
Is this reality?
@elitepctech
6 months ago
Yes
@tyxyerfyyzxynm4259
6 months ago
No WAKE UP
@tyxyerfyyzxynm4259
6 months ago
WAKE UP
@tyxyerfyyzxynm4259
6 months ago
WAKE UP
@tyxyerfyyzxynm4259
6 months ago
WAKE UP
@jeffzebert4982
6 months ago
I think I know why data brokers might be interested in what cars people drive: it's to facilitate those dumb "extended car warranty" scams.
@ricky_pigeon
6 months ago
Could be wrong here but this sounds similar to how the Sony PSP was hacked to run custom firmware.
@matthouben4242
6 months ago
A few remarks: 1. This attack is directed against computers that use UEFI boot, so systems that still use the (legacy) BIOS boot should be safe. 2. Most systems have an option in the BIOS settings to disable all this logo crap. Use it and you are safe.
@wb8ert
6 months ago
FYI: As I understand it, Dell doesn't have the Logofail issue because it won't allow any logo other than the one shipped by Dell.
@TheSimArchitect
6 months ago
This feels like something new to make people on older generation computers that care about security to upgrade as I don't see manufacturers releasing patches for 5 to 10 year old computers, even though many of us are still using those. There's a lack of innovation (performance and feature wise, it's not like we went from 286's to 486's or Pentiums, sorry) and they have to make people spend money somehow. This might be it. I don't like it but I am thankful for the update.
@aquahoodjd
1 month ago
Also a shout out to the security researchers: check Apple's accessibility features, there is a way to gain access to the machine through these features. Think of perhaps sound that you can't hear with your ears but the microphone can, and also think about perhaps Morse code or Braille.😊
@johnmac8084
3 months ago
Thanks for the info. Best to have your PC plugged into a UPS when updating the BIOS.
@kleinwolf35
5 months ago
"Recently discovered" Dude, I got hit with a bios virus almost 14 years ago.
@clausskovcaspersen5982
3 months ago
I remember the virus "new york beauty" 20 years ago; you had to remove power and remove the BIOS battery, because the virus was in RAM and kept copying itself back on reboot
@jfbeam
6 months ago
This a case of "doesn't" NOT "can't". Security software _can_ inspect the UEFI logo image, but they don't, because they've had no reason to.
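The inspection jfbeam describes is feasible, and the following is an added example of what such a check can look like; it is not code from the video, from any commenter, or from any security product. It assumes the boot logo is a BMP file (one of the formats UEFI firmware commonly parses; the helper names, the sample images and the size limit here are assumptions made for the example) and flags headers whose declared dimensions, offsets or file size disagree with the bytes actually present, the kind of inconsistency a fragile image parser chokes on. The sample images are constructed inline, so the script runs offline.

```python
"""Header-consistency check for BMP boot-logo files (added example, not the
video's or any commenter's code). Flags BMP files whose declared sizes do not
match the bytes actually present, so a defender can review a logo image
before a firmware ever parses it. Sample images below are constructed here."""
import struct

ALLOWED_BPP = {1, 4, 8, 16, 24, 32}
MAX_DIM = 16384            # assumed sane upper bound for a boot-logo dimension
FILE_HDR = 14              # BITMAPFILEHEADER length
DIB_HDR = 40               # BITMAPINFOHEADER length (the common case)


def check_bmp(data: bytes) -> list[str]:
    """Return the inconsistencies found; an empty list means the header is consistent."""
    problems = []
    if len(data) < FILE_HDR + DIB_HDR:
        return [f"file shorter than the {FILE_HDR + DIB_HDR}-byte BMP headers"]
    if data[:2] != b"BM":
        problems.append("missing 'BM' magic")
    # BITMAPFILEHEADER after the magic: file size, two reserved words, pixel-array offset
    file_size, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    # BITMAPINFOHEADER: header size, width, height (signed), planes, bits per pixel
    hdr_size, width, height, planes, bpp = struct.unpack_from("<IiiHH", data, FILE_HDR)
    if file_size != len(data):
        problems.append(f"declared file size {file_size} != actual {len(data)}")
    if hdr_size < DIB_HDR:
        problems.append(f"DIB header size {hdr_size} < {DIB_HDR}")
    if planes != 1:
        problems.append(f"planes = {planes}, expected 1")
    if bpp not in ALLOWED_BPP:
        problems.append(f"unsupported bits per pixel {bpp}")
    dims_ok = 0 < width <= MAX_DIM and 0 < abs(height) <= MAX_DIM
    if not dims_ok:
        problems.append(f"implausible dimensions {width}x{height}")
    if pixel_offset < FILE_HDR + hdr_size or pixel_offset > len(data):
        problems.append(f"pixel data offset {pixel_offset} outside the file")
    if dims_ok and bpp in ALLOWED_BPP:
        stride = ((width * bpp + 31) // 32) * 4      # rows are padded to 4 bytes
        needed = stride * abs(height)                # bytes the header promises
        available = len(data) - pixel_offset         # bytes the file actually holds
        if needed > available:
            problems.append(f"pixel data needs {needed} bytes, only {available} present")
    return problems


def build_bmp(width, height, bpp=24, declared_height=None, declared_size=None):
    """Construct a minimal BMP; the optional arguments let a sample lie in its header."""
    stride = ((width * bpp + 31) // 32) * 4
    pixels = bytes(stride * height)                  # all-black image, no palette
    size = FILE_HDR + DIB_HDR + len(pixels)
    file_hdr = struct.pack("<2sIHHI", b"BM",
                           size if declared_size is None else declared_size,
                           0, 0, FILE_HDR + DIB_HDR)
    dib_hdr = struct.pack("<IiiHHIIiiII", DIB_HDR, width,
                          height if declared_height is None else declared_height,
                          1, bpp, 0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + dib_hdr + pixels


if __name__ == "__main__":
    # Constructed samples: one consistent file and three whose headers lie.
    samples = {
        "well-formed 4x2":          build_bmp(4, 2),
        "height lies (1000 rows)":  build_bmp(4, 2, declared_height=1000),
        "declared size lies":       build_bmp(4, 2, declared_size=10),
        "truncated":                build_bmp(4, 2)[:40],
    }
    for name, blob in samples.items():
        print(name, "->", check_bmp(blob) or "consistent")
```

Run it with `python3` and it reports each constructed sample; on a real system you would point `check_bmp` at the logo file in a firmware capsule or on the EFI system partition before flashing or booting. The check is deliberately conservative: it rejects anything whose header cannot be satisfied by the bytes present, which is cheap to do and is exactly the validation a firmware image parser ought to perform itself.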
@markusTegelane
6 months ago
My motherboard manufacturer finally decided to release a patch even though they haven't even released any other BIOS updates over the past 2 years for it, but I guess this exploit was bad enough they felt releasing an update was necessary.
@Dowlphin
6 months ago
Is this because of the old thing that JPEG files can get infected with malicious executable code? And then no one thought about UEFI's use of JPEG?
@gnuPirate
6 months ago
And perhaps this is another reason why we should be allowed to freely, easily, regularly reflash our own BIOS chips with FOSS BIOS firmware, rather than having our BIOS chips etc. locked down by gumbys?
@MsHojat
6 months ago
I thought I heard about this a couple months ago? Either way I guess it's still relevant. I also remember hearing about some UEFI and/or BIOS hack like a decade ago, so this isn't the first time. And technically the whole IME exploit thing, but that required hardware access.
@MonochromeWench
6 months ago
Seems like mostly a problem for OEM systems with the boot logo enabled by default (the sort of systems with users who would more likely get tricked into running malware in the first place). Motherboards for DIY system builders typically don't have the logo enabled by default as in DIY systems often you want to see the detailed post screen on first boot.
@psylentrage
6 months ago
This kind pops up every now and then
@ChickenCaeser
6 months ago
A custom bios firmware can prevent this, I don't use a stock bios.
@soulstenance
6 months ago
The seemingly obvious solution seems to be just don't exclude anything from the check and, ya know, don't let images execute as code. I don't really know how stuff like this works at the BIOS/UEFI level but it seems like a pretty big oversight on the side of hardware manufacturers more than anything.
@malavoy1
6 months ago
I turn off the logo screen so I can watch the POST screen. The only time I ever updated a BIOS was 20 years ago when I had to buy a chip and physically replace the BIOS chip.
@chromerims
6 months ago
Emphasizing, "I turn off the logo screen so I can watch the POST screen." I do this too using POST verbosity option on my machines. However as a mitigation against LogoFAIL vulnerability, I am not savvy enough (yet) to know whether or not the image parser routine is launched as a concurrent run regardless. I might update this comment later.
@ChrisStoneinator
6 months ago
Next up, “Even buying a new computer won’t help”! Can’t wait.
@davedyer2951
6 months ago
I literally just flashed my BIOS a few days ago lol... luckily I'm rocking an MSI mobo.
@iv7896
6 months ago
@ThioJeo would coreboot change a thing?
@aquahoodjd
1 month ago
They caught me through a man in the middle attack while my computer was upgrading and they got my BIOS keys. But before that I had found corrupted sound card files back when we had sound card on the sound card by us so basically I assume that anything that has firmware that's attached to your computer can be infected. Do not assume that because I have had one already in 2018 I returned it to Apple asking them to flash the BIOS being already well aware that that's where it was and they didn't say anything it wasn't part of their normal routine so someone has already found a workaround to what you just said because I personally know that they have infected Apple bios. They have come up with a way to either disable the check or change the check or do something that creates the same checksum number. Again I've had a Dell computer that also is subject to replace the motherboard because I bought the international premium service and they came and changed the motherboard.
@ronnyspanneveld8110
6 months ago
Well that "Logo" has been there for a very long time, like over 20 years... I've got 4 boards here from before UEFI and they have logos :P
@robw1927
5 months ago
With UEFI, BIOS injection is no longer possible. Also, modern motherboards have hash validation in the BIOS file. If you use a "modified" BIOS, the hash is modified and the update fails.
@noble_lime
6 months ago
Apple silicon Macs do use UEFI (that's how booting from an external macOS drive and Asahi Linux boots)
@wvistalover
6 months ago
I don't use uefi
@IamAFK14
6 months ago
Need to order a new motherboard
@mystixa
6 months ago
There are also a lot of uefi motherboards that have a duplicate 'bios' that you can use at the push of a button in case 1 gets corrupted. I imagine this would be a way of defeating this as well.
@jovetj
6 months ago
Well it's pretty safe to say we all saw this coming.
@TheRealGirlWeeb
6 months ago
devs never learn .... "no need to check there, there's no code there" like, how many vulnerabilities need to be exploited until they learn to check even parts that shouldn't include code?
@ronamo111
6 months ago
WOW THIS IS MODERN TECHNOLOGY IF IT ISN'T ONE WAY TO COME AFTER YOU IT'S ANOTHER
@ElizabethKaider-si5ql
6 months ago
I have been fighting this for 3 years since we separated I am at a loss
@woodsmn8047
6 months ago
There have lately been troubles with Steam games where, when updates to lots of Steam games are applied, for some reason you get a notice that files are missing and the user does not have the correct permission to load said file, and this prevents the game from being fully updated and thus it remains unplayable... I suspect some small game sellers are taking shots at the Steam monopoly, but that leaves the gaming community with one game after another knocked out of use... Could you take a look at this phenomenon and tell us if or how to fix it?
@UltraCenterHQ
6 months ago
It's kinda scary how computer viruses improve with each new version just like real life viruses
@dasmaffin1633
6 months ago
This is why BIOS should be installed on a ROM
@ducpaii
6 months ago
Had a BIOS update 3 months ago that patched this. Why people don't update the BIOS beats me
@robertlewis2542
5 months ago
Imagine if autos... You stick the key in the ignition, it starts playing the manufacturer's theme song (Ford, Chevy or whatever), flashes the lights in their patented pattern, then it uses the lights to spell out the dealer's name and address with the salesman's name. It's past time to rein these turds in.
@lazynerdtv
6 months ago
when he discovers bios reflashing🤯
@eadweard.
6 months ago
Cannot tell what you are trying to say.
@lazynerdtv
6 months ago
@@eadweard. You can reflash the bios, to clear the chip of any malicious data
@levvayner4509
6 months ago
UEFI replaced BIOS. Most people have computers that do not have BIOS. I am not 100% certain but pretty sure this exploit can't harm any motherboard with an actual BIOS as they lacked this feature.
@fritz46
6 months ago
Being able to change the logo is so important that it is well worth adding security issues to implement that feature we all have been waiting for since 1981. Too bad my 10 year old computer is so fast that I never see the logo because it boots faster than the time the monitor needs to show an image after detecting the video signal.
@monad_tcp
6 months ago
the irony
@Oweblow
6 months ago
Samesies.
@Blinkerd00d
6 months ago
That's why I haven't messed with splash screen images in so long. My work assigned laptop is the only one I ever see the logo on anyway.
@MassDamage1337
6 months ago
you can change that, in BIOS you can set a delay so it waits before loading into windows. This is useful so you have a chance to get into BIOS instead of mashing "del".
@peterdobson3435
6 months ago
Why do you think that changing the logo is important? End user isn't usually interested in branding.
@SteelRatVT
6 months ago
I updated my BIOS today, before watching this video. Now that I look back to it, it does list "Addresses potential UEFI vulnerabilities (LogoFAIL)" as one of the notes.
@jjjjulian
6 months ago
HELL NAW
@accountname7738
6 months ago
My motherboard manufacturer hasn't released an update in the past 3 years. Wonderful! :)
@Rairosu
6 months ago
Yea my Gigabyte Z170X Ultra Gaming motherboard is dinosaur-age old. The only update it had was the microcode in 2018. That was it. I have that update but HIGHLY doubt they will update mine again.
@kolz4ever1980
6 months ago
time to update that relic you're pretending is a pc ;)
@sazerchu
4 months ago
@@kolz4ever1980 and if you can't afford another one right now (as I'm on ODSP and barely able to eat as it is, with less than a dollar to save a month)? I have an ASUS Z170 chipset board too that was donated to me (no code updates for this yet...). It's to replace a GB Z68X board I've had since 2011...
@joaoborgesrodriguesalves6554
4 months ago
Don't listen to that other guy, your PC is wonderful without any updates whatsoever
@kolz4ever1980
4 months ago
@@joaoborgesrodriguesalves6554 😆 when did care bear bitching for out dated PCs that are ages old become a thing?
@melsbacksfriend
6 months ago
Two things: 1: Isn't Intel boot guard only for Intel? What about AMD users? 2: Can't you just reflash the stock bios to remove the virus?
@hentosama
6 months ago
Yes, and Mobo manufacturers already released fix for most models as new bios revisions
@monad_tcp
6 months ago
lol, intel boot guard, then your amazing motherboard manufacturer uses the same NVRAM for both the intel firmware where the boot guard resides and everything else. To save costs. They also forget to segment write protection in the NVRAM. AMD has the same problem. You can reflash the stock bios but that requires tools because the motherboard manufacturers don't usually even provide a pin header for easily connecting the flashing equipment to the NVRAM. So you might even end up needing to desolder the stupid microchip to flash it. That's if you aren't an unlucky notebook consumer whose manufacturer decided an external NVRAM was too costly and just embedded it in the SoC, then that computer is basically trash, unless they enable you to use JTAG on the SoC, which they usually don't. I wonder why PCs can't be easily JTAGged like smartphones can (well, the ones which aren't that fruit company). It should be a requirement for manufacturers to provide pin headers to easily flash the NVRAM.
@b4ttlemast0r
6 months ago
@@monad_tcp many motherboards include a bios flash feature that as far as I know doesn't even need to execute an existing bios to work (I assume they have some dedicated hardware just for this feature), so shouldn't that always be able to reflash the bios?
@killertruth186
6 months ago
@@monad_tcp And very few motherboards have flashback like Asus does for some of their motherboards.
@tablettablete186
6 months ago
2. Probably not, since the malware could simply disallow any updates
@bobyrd74
6 months ago
I called this *years* ago when UEFI first came about and I saw that there was going to be a link between the OS and "BIOS".
@davidioanhedges
6 months ago
Similar has been possible forever... as long as the BIOS/UEFI is writable from the OS it's a vulnerability -writable BIOS was a thing for a very long time before UEFI existed
@kote315
6 months ago
Oh, did it happen again? Is some malware writing some bad things into the ROM again? Eh, some people in the computer industry never learn. This is far from the first similar case. Remember the CIH Chernobyl virus? This problem has existed since at least the 90s. And there is only one way to protect against this - to make the Read-Only-Memory truly Read-Only! (and place a switch/jumper to enable write, disabled by default).
@monad_tcp
6 months ago
Not only didn't they learn anything, they store the stupid ring -1 Intel ME in the same NVRAM flash easily rewritable, I literally reflashed it so I could run code inside my chipset, it was fun hacking that part of the hardware.
@OctoomyYTOfficial
6 months ago
CIH only affected certain rarer mainboards from Gigabyte and some OEMs. And making the BIOS unrewritable isn't going to solve anything; as a matter of fact it's only going to cause more issues if new exploits are found in, let's say... certain feature sets? Enjoy buying an updated motherboard every CPU revision.
@pafik_
6 months ago
@@OctoomyYTOfficial If bios memory is read-only no virus will get inside. No virus will be found, that's all
@tablettablete186
6 months ago
The irony of having writable ROM (Read Only Memory) lol
@kikixchannel
6 months ago
@@OctoomyYTOfficial You should learn to read. He specifically said that the motherboards should have a switch to enable writing. In other words, it would be a PHYSICAL block that the user can remove and reinstate at will, blocking the remote access hacks while not affecting the actual user at all (well, barely affecting him...as you'd still need to switch it on and off now and then).
@1mwls
6 months ago
Thanks, I just updated the BIOS. HP had an update dated a week ago. I'm 63 and that's a scary update to do, But it only took a few minutes.
@ReyNico
4 months ago
Hell yeah ✊🏽✊🏽
@sazerchu
4 months ago
As long as you are careful and prepare well, updating a BIOS is fairly straightforward. HP is a bit of a pain though, because you can only do it via a Windows executable script that isn't "expandable". I just had an HP laptop with "Optima" tech that died bad. Took the better half of 2 days to fix it. Wondering if this was the exploit used on it, as the owner is an outspoken Chaldean who trolls the "middle eastern" PalTalk community...
@samuelld1
6 months ago
Thanks for keeping us well informed ❤
@edplat2367
6 months ago
This honestly sounds like an exploit that could be easily patched by OEMs. My worry is for computers or motherboards no longer receiving BIOS updates.
@brettlaw4346
6 months ago
They tend to drag their feet. Getting a business grade laptop tends to expedite patching.
@aycc-nbh7289
6 months ago
But as a Linux user, I’ve historically received updates before the exploits they patch make headlines like this. For all I know, it’s already been patched for my machine.
@Jeff-ss6qt
6 months ago
@@aycc-nbh7289 It's not an exploit in the operating system. It's an exploit in UEFI. To patch it, you'd need a UEFI update.
@mamailo2011
6 months ago
By contract they MUST provide critical updates. They do not make the patches; it is Intel or AMD. They only include the patch in the respective firmware file and make it available.
@edplat2367
6 months ago
@mamailo2011 I have an EVGA board (Z690 Dark), and the BIOS team and motherboard division at EVGA are finished. I wonder what happens here when they don't have any developers any more.
@trens1005
6 months ago
My thesis from 2012 has now come to fruition. Thanks for this share; gonna send this video to a few people.
@cyberspectre8675
6 months ago
Let's see your thesis
@Necropheliac
6 months ago
Seems like letting the OS write to the BIOS was a really, really bad idea.
@chromerims
6 months ago
Emphasizing "Seems like letting the OS write to the BIOS was a really, really bad idea."
@nomore6167
4 months ago
"Seems like letting the OS write to the BIOS was a really, really bad idea" - If the OS could not write to the BIOS, then there would be no way to update the BIOS other than by physically replacing the chip, which would be even worse. The problem is not letting the OS write to the BIOS. The problem is that companies do not place a strong enough emphasis on security (and, in this case, they apparently outsourced a trivial function which they could easily have written themselves, thereby creating the vulnerability).
@Necropheliac
4 months ago
@@nomore6167 What you're saying is not true. Updating the BIOS is never done via the operating system. It is done by inserting a USB key directly into the motherboard and instructing the write from a file on that USB. It is done before the operating system is loaded. It can also be done over the network by sending the file via the NIC, but also in that case it is done before the operating system is loaded.
@nomore6167
4 months ago
@@Necropheliac "what you’re saying is not true. [Updating the bios] is done by inserting a USB key directly into the motherboard... It is done before the operating system is loaded" - No, it is YOU who are wrong. You clearly have no clue about what you speak. BIOS updating can POTENTIALLY be done by going into the BIOS and selecting to update from a file, *IF* it is designed that way and you have compatible hardware. However, updating the BIOS by running an executable from the OS has been done for decades. Also, I love how you're contradicting yourself by first saying "Seems like letting the OS write to the BIOS was a really, really bad idea" and then claiming that BIOS updates are never performed by the OS.
@chromerims
4 months ago
De-emphasizing "If the OS could not write to the BIOS, then there would be no way to update the BIOS other than by physically replacing the chip." Emphasizing "What you’re saying is not true. Updating the bios . . . is done by inserting a USB key directly into the motherboard and instructing the write from a file on that USB. It is done before the operating system is loaded." Kindest regards, friends and neighbours.
@lmcgregoruk
6 months ago
My old ass system still boots Windows 10 from a non-UEFI bios.
@jwhite5008
6 months ago
If it has the functionality to load a user-provided image file, it might still be vulnerable, AND the update for firmware this old won't ever be released... Although if your BIOS is text-only, it is likely to have the image stored as a raw, headerless, uncompressed bitmap, which would mean that it's probably not possible to exploit. However, this also means that your BIOS might not have a fix for all the vulnerabilities found since its last update.
@chadfli
6 months ago
Mine is from 2012 and is a Dell. No UEFI at all. So I might be safe, pls confirm.
@eDoc2020
6 months ago
@@chadfli Most PCs released since 2011 have UEFI. It's very likely you have a UEFI-based firmware which boots in legacy mode. This would likely still be affected.
@spamburner9303
6 months ago
@eDOC2020 Joke's on me, my computer still has PhoenixBIOS.
@eDoc2020
6 months ago
@@spamburner9303 I have AwardBIOS on a few systems.
@BxOxSxS
6 months ago
3:12 This is not (entirely) true. Secure Boot is not designed to verify the BIOS. It's for verifying EFI binaries and OpROMs (UEFI firmware in external devices like a dGPU). Verifying the BIOS is possible by verifying the digital signature when trying to update it (by the running version of the BIOS). It's not standardized though, as far as I know.
@jwhite5008
6 months ago
Yes, it cannot read or even know of what is happening in ring-minus-whatever, by design. There is a lot of code by different manufacturers and sources which runs absolutely stealthily, uncheckable by AVs, and some of it gets hacked once in a while. x86_64 is a mess of corporate backdoors, and there is no fixing it, since that functionality is packaged by Intel/AMD and required for the CPU to even function at all; same with basic firmware functions that the computer cannot possibly work without.
@BxOxSxS
6 months ago
@@jwhite5008 Looks like you have not heard about coreboot. It can disable ME/PSP. Or, by using other vulnerabilities, modify their firmware. It would also ofc involve reverse engineering. Very hard but not impossible, as you said.
@SLLabsKamilion
6 months ago
@@BxOxSxS Uh, no, nononononono. PSP cannot be disabled or bypassed. It is *the* root of trust during initial bringup, responsible for reading the rest of AGESA from SPI NOR, ranging the DDR links, and copying the UEFI firmware capsule from SPI NOR into DDR memory. The x64 cores are held in reset until this point. PSP and SMU are both simple ARM cores, and can (and do) check and validate the signatures while loading the objects out of NOR. Once the x64 cores are freed and the UEFI firmware begins to start is where coreboot has a chance to slip in (but only on certain AMD-and-Google-signed Chromebook platforms) and handle responding analogously to the UEFI capsule. The PSP communicates through a shared memory mailbox with a doorbell flag. Very early AGESA versions simply told the PSP to go to sleep until the next full powercycle, which corresponds to the "PSP_DISABLE" option seen in some AM4 boards' CBS settings setup menu. Newer versions make use of the PSP during runtime to handle memory region encryption, being responsible for setting up the keys used for SME zones (from memory, up to sixteen), and no longer respond to the "PSP_DISABLE" message. It *IS* possible, as you speculate, to mix and match some aspects of the AGESA firmware directory, and send the PSP to sleep, change the mailbox address, or doorbell ID, resulting in ignoring further messaging in the firmware, but a Linux kernel will rediscover the mailbox and try to set it up for SME (with all-zero keys, effectively disabling it) during kernel boot. LogoFail and Boothole both rely on the fact that the firmware contains an actual directory listing section. And we're not even getting into SMBIOS exports or SMM handlers in ACPI tables, or the nastiness that lets platform vendors embed whole PE segments for Windows to blindly nod and run during every boot. (Lenovo, I'm looking straight at you.) -- that's partially what jwhite5008 was on about. ME is a different story altogether, based on its generation.
You're mostly correct in your assertion above, in its case. As it's a complete sidecar processor like a BMC, and does not control anything about Intel's early bringup, it can be pruned in a number of ways, from the easy (delete its firmware sections entirely) to the tinfoil-hat (use the 'poorly/discretely documented' disable mode that exists because the NSA demanded a way to turn ME off, aka "High Assurance" mode ((LOL!!))) to the massively paranoid "I'm replacing my SPI NOR flash part with a smaller device so the ME section is incapable of being reflashed upon my hardware as it no longer fits". Plus the forks like oreboot and HEADS and stuff to run on it like Tails and Qubes... I'm not this paranoid myself, but I figured I should understand what the fuss was about before pointing fingers at glass houses and declaring that the emperor has no clothes on.
@fireteamomega2343
4 months ago
Yes, you could hash-check versions like most secure firmware does.
@JohnSmith-xq1pz
6 months ago
So much for UEFI being waaaaaay safer than the old BIOS chips... Of course it's because of an oversight on the development team; checking ALL code for a legit signature should be standard.
@kunka592
6 months ago
Knew this kinda thing would happen when I saw how complicated UEFI was compared to the old BIOS system.
@cylian91
6 months ago
Yeah, and UEFI is actually dumber than BIOS. It can load UEFI drivers, which is better (for things like USB drivers) than BIOS, but everything else is just fucked. The boot system is trash; it's literally stored in VRAM, so no power = reset (it's really bad on a laptop with the battery removed; I run my server in MBR mode because of that, and yes, my server is a laptop). UEFI drivers can literally modify everything, and that even includes Windows kernel things. And since UEFI drivers can be closed source (as opposed to Linux drivers, which are required to be open source if they want to be included by default and access some parts of the interface), we don't know what they are doing and they could be harmful. Proprietary tech is still killing the tech industry.
@halfsourlizard9319
6 months ago
At some level it's all held together with chewing gum and baling twine 🙈
@iRelevant.47.system.boycott
6 months ago
It was just a matter of time ... Hate UEFI.
@nomore6167
4 months ago
"Of course it's becouse of an oversight on the development team, checking ALL code for lagit signature should be standard" - Lack of a signature on an image file is not the big problem here. The problem is the OTHER vulnerabilities in the image display function which allow this exploit to occur (most likely, buffer overflow vulnerabilities). If the image display function were secure, then the only thing a rogue image file could do would be to cause a vulgar image to be displayed.
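The parser-side defect the comment above points at, as an added example that is not part of this thread and not taken from any vendor's firmware: a simplified BMP header reader with the unchecked 32-bit size computation beside a bounds-checked version. The field offsets follow the standard 14-byte BMP file header plus 40-byte BITMAPINFOHEADER; the 16 MiB cap, the helper and function names, and the sample headers the demo functions build are constructed for this example. The vulnerable path only computes the size it would have allocated (no buffer is actually overrun here), which is enough to see how 65536 x 65536 x 32 bpp wraps to a zero-byte allocation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields read from the BMP file header (14 bytes) + BITMAPINFOHEADER (40 bytes). */
typedef struct {
    uint32_t file_size;    /* bfSize     @ offset 2  */
    uint32_t data_offset;  /* bfOffBits  @ offset 10 */
    int32_t  width;        /* biWidth    @ offset 18 */
    int32_t  height;       /* biHeight   @ offset 22 (negative = top-down rows) */
    uint16_t bpp;          /* biBitCount @ offset 28 */
} bmp_hdr_t;

#define BMP_HDR_LEN 54u
/* Largest pixel buffer a boot-logo decoder should ever need; constructed cap for this example. */
#define MAX_LOGO_BYTES (16u * 1024u * 1024u)

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Parse only the fields needed for the size check; false if too short or not a BMP. */
bool bmp_parse_header(const uint8_t *buf, size_t len, bmp_hdr_t *h) {
    if (len < BMP_HDR_LEN || buf[0] != 'B' || buf[1] != 'M') return false;
    h->file_size   = rd32(buf + 2);
    h->data_offset = rd32(buf + 10);
    h->width       = (int32_t)rd32(buf + 18);
    h->height      = (int32_t)rd32(buf + 22);
    h->bpp         = rd16(buf + 28);
    return true;
}

/* VULNERABLE pattern: 32-bit arithmetic straight from attacker-controlled header fields.
   65536 * 65536 wraps to 0, so the allocation that follows is tiny while the decode loop
   (not shown) still writes width*height pixels past its end. */
uint32_t vuln_pixel_bytes(const bmp_hdr_t *h) {
    return (uint32_t)h->width * (uint32_t)h->height * (uint32_t)(h->bpp / 8);
}

/* HARDENED: validate dimensions and depth, do the math in 64 bits with BMP's 4-byte row
   padding, and require the result to fit both the file and a fixed cap. */
bool safe_pixel_bytes(const bmp_hdr_t *h, size_t file_len, uint64_t *out) {
    if (h->width <= 0 || h->height == 0 || h->height == INT32_MIN) return false;
    if (h->bpp != 1 && h->bpp != 4 && h->bpp != 8 && h->bpp != 24 && h->bpp != 32) return false;
    uint64_t w      = (uint64_t)h->width;
    uint64_t rows   = (uint64_t)(h->height < 0 ? -h->height : h->height);
    uint64_t stride = ((w * h->bpp + 31) / 32) * 4;                 /* rows padded to 4 bytes */
    if (stride > MAX_LOGO_BYTES || rows > MAX_LOGO_BYTES / stride) return false; /* no 64-bit wrap */
    uint64_t total = stride * rows;
    if (h->data_offset < BMP_HDR_LEN || h->data_offset > file_len) return false;
    if (total > file_len - h->data_offset) return false;            /* pixel data must lie inside the file */
    *out = total;
    return true;
}

/* Build a constructed 54-byte header with pixel data starting right after the headers. */
void make_bmp_header(uint8_t out[BMP_HDR_LEN], uint32_t file_size, int32_t w, int32_t h, uint16_t bpp) {
    memset(out, 0, BMP_HDR_LEN);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, file_size);
    wr32(out + 10, BMP_HDR_LEN);   /* bfOffBits */
    wr32(out + 14, 40);            /* biSize */
    wr32(out + 18, (uint32_t)w);
    wr32(out + 22, (uint32_t)h);
    wr16(out + 26, 1);             /* biPlanes */
    wr16(out + 28, bpp);
}

/* Size the vulnerable code would allocate for a constructed header, or -1 if unparseable. */
int64_t demo_vuln_size(int32_t w, int32_t h, uint16_t bpp) {
    uint8_t buf[BMP_HDR_LEN]; bmp_hdr_t hdr;
    make_bmp_header(buf, BMP_HDR_LEN, w, h, bpp);
    if (!bmp_parse_header(buf, sizeof buf, &hdr)) return -1;
    return (int64_t)vuln_pixel_bytes(&hdr);
}

/* Validated pixel-buffer size for a constructed header in a file of file_len bytes, or -1 if rejected. */
int64_t demo_safe_size(int32_t w, int32_t h, uint16_t bpp, size_t file_len) {
    uint8_t buf[BMP_HDR_LEN]; bmp_hdr_t hdr; uint64_t n;
    make_bmp_header(buf, (uint32_t)file_len, w, h, bpp);
    if (!bmp_parse_header(buf, sizeof buf, &hdr)) return -1;
    return safe_pixel_bytes(&hdr, file_len, &n) ? (int64_t)n : -1;
}

int main(void) {
    printf("benign 2x2 @32bpp:      vuln=%lld safe=%lld\n",
           (long long)demo_vuln_size(2, 2, 32), (long long)demo_safe_size(2, 2, 32, 54 + 16));
    printf("65536x65536 @32bpp:     vuln=%lld safe=%lld\n",
           (long long)demo_vuln_size(65536, 65536, 32), (long long)demo_safe_size(65536, 65536, 32, 54 + 16));
    printf("truncated 64x64 @24bpp: vuln=%lld safe=%lld\n",
           (long long)demo_vuln_size(64, 64, 24), (long long)demo_safe_size(64, 64, 24, 54 + 100));
    return 0;
}
```

The third case matters as much as the wrap: a header that is arithmetically sane but promises more pixel data than the file actually contains is how a decoder reads past the end of its input buffer, so the hardened check compares the computed size against what is really present, not just against a cap.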
@SebinNyshkim
6 months ago
6:50 Secure Boot does NOT protect the EFI System Partition. Secure Boot protects against loading arbitrary EFI executables on that partition, e.g. an OS boot loader. It does so by checking any EFI executable against a signature store in the firmware. If the EFI executable is unsigned or the signature is not in the list of trusted signatures, the UEFI will refuse to boot that executable. The EFI System Partition itself is fair game because it's a FAT file system (most firmware implementations don't support anything else) which has no concept of any sort of access rights management like NTFS does to prevent anything from writing to it.
@ThioJoe
6 months ago
Good to know 🧐
@Sypaka
6 months ago
You can protect the ESP by making it read-only using diskpart, when using Windows. I sadly don't know how this is done in Linux (yet). The problem here is, I don't know how Windows will react to this, if the ESP also has the BCD on it and it can't write to it.
@ZipplyZane
6 months ago
@@Sypaka If software can set it as read-only, then malware could set it as writeable.
@Sypaka
6 months ago
@@ZipplyZane -You are not wrong, but making the ESP read-only protects against attacks on the user privilege level. Just because the ESP is marked as "hidden" doesn't mean it's not existent. Everyone can write to it, even users under the "Guest" privilege (the lowest priv level), let that sink in.- Sure, if malware expects the ESP read-only, there will be code to make it writeable. And it still needs Admin to do that. Unless you remove the right to edit drives from your account... (Edited, because I got them mixed up)
@betaswithWack0
6 months ago
@@Sypaka This is incorrect; Windows does restrict access to the EFI system partition to Administrators. (This is a specifically hardcoded check for the EFI system partition only.) There was a time period where MS fucked up and removed this check, but this got fixed eventually.
@saptadeepnath5664
6 months ago
Reminds me of the CIH virus.
@JohnSmith-xq1pz
6 months ago
Fun fact: a friend of mine's family computer was one of the few the payload actually worked on.
@cylian91
6 months ago
@@JohnSmith-xq1pz Wait, you tried it on your friend's family computer? lmao
@JohnSmith-xq1pz
6 months ago
@@cylian91 🤣🤣🤣 Well actually, it was something he downloaded that let CIH in; they only figured that out after the replacement computer's antivirus caught it.
@alternatuber6698
6 months ago
00:02 Find his wife's dirty videos on the internet.
Comments: 1.9K