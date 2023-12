By

Qhov kev tawm tsam tshiab tau pom hu ua LogoFAIL tau nthuav tawm ntau pua lub Windows thiab Linux lub khoos phis tawj rau qhov muaj kev pheej hmoo siab rau kev nyab xeeb. Qhov kev tawm tsam tso cai rau kev ua phem firmware raug tua thaum ntxov hauv kev sib tw khau raj, ua rau nws nyuaj heev los kuaj xyuas lossis tshem tawm cov kab mob uas siv cov cuab yeej tiv thaiv tam sim no. LogoFAIL sawv tawm vim qhov yooj yim uas nws tuaj yeem nqa tau thiab ntau yam ntawm cov qauv tsim nyog, suav nrog cov neeg siv khoom- thiab cov khoom lag luam-qib.

Cov kws tshawb fawb ntawm Binarly, lub tuam txhab tshwj xeeb hauv kev txheeb xyuas thiab kev ruaj ntseg firmware tsis zoo, tsis ntev los no tau nthuav tawm LogoFAIL ntawm Black Hat Security Conference hauv London. Lawv pom tias LogoFAIL siv qhov zoo ntawm qhov muaj qhov tsis zoo tseem ceeb tam sim no hauv Unified Extensible Firmware Interfaces (UEFIs), uas yog lub luag haujlwm rau booting cov khoom siv niaj hnub siv Windows lossis Linux. Cov kev tsis zoo no tau ploj mus tsis pom ntau xyoo thiab tuaj yeem siv los ntawm cov duab kos duab tshwj xeeb.

Thaum qhov kev tawm tsam ua tiav, nws tau txais kev tswj hwm tag nrho ntawm lub cim xeeb thiab disk ntawm lub hom phiaj ntaus ntawv, txawm tias nyob rau theem siab tshaj plaws khau raj hu ua DXE (Driver Execution Environment). Qhov no tso cai rau kev ua tiav ntawm cov cai tsis zoo thiab xa cov nyiaj them poob haujlwm thib ob ua ntej lub luag haujlwm tseem ceeb pib ua haujlwm.

LogoFAIL tuaj yeem ua tau nyob deb ntawm qhov browser lossis media player tsis muaj qhov tsis zoo, qhov twg tus neeg tawm tsam hloov pauv cov duab logo raug cai nrog lub siab phem. Xwb, yog tias lub cuab yeej qhib luv luv, tus neeg tawm tsam tuaj yeem hloov cov duab cov ntaub ntawv.

Cov neeg raug cuam tshuam tam sim no tau tshaj tawm cov lus qhia los nthuav tawm cov khoom lag luam uas muaj kev cuam tshuam thiab muab kev ruaj ntseg thaj ua rau thaj. Txawm li cas los xij, vim muaj qhov dav dav ntawm qhov kev tawm tsam no thoob plaws x64 thiab ARM CPU ecosystem, suav nrog cov chaw muag khoom loj UEFI thiab cov chaw tsim khoom, qhov kev hem thawj tseem ceeb.

Nws yog ib qho tseem ceeb heev rau cov neeg siv los hloov kho lawv lub tshuab nrog qhov tseeb kev ruaj ntseg thaj ua rau thaj thiab nyob twj ywm ceev faj tiv thaiv tej yam tsis txaus ntseeg lossis kev sim nkag tsis tau. Los ntawm kev ntsuas kev tiv thaiv, cov tib neeg thiab cov koom haum tuaj yeem txo qhov kev pheej hmoo ntawm kev poob rau LogoFAIL thiab kev tawm tsam zoo sib xws.