{"id":5744,"date":"2023-12-04T20:08:54","date_gmt":"2023-12-04T19:08:54","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5744"},"modified":"2023-12-04T20:08:54","modified_gmt":"2023-12-04T19:08:54","slug":"logofail-uefi-ranjivosti","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/12\/04\/logofail-uefi-ranjivosti\/","title":{"rendered":"LogoFAIL: UEFI vulnerabilities"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>LogoFAIL<\/em> is a set of <em>UEFI<\/em> vulnerabilities that can enable attacks through major flaws in the image-parsing libraries embedded in firmware.<\/span><\/p>\n<div id=\"attachment_5754\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5754\" class=\"size-full wp-image-5754\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL.jpg\" alt=\"UEFI vulnerabilities\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/LogoFAIL-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5754\" class=\"wp-caption-text\"><em>LogoFAIL: UEFI vulnerabilities; Source: Bing Image Creator<\/em><\/p><\/div>\n\n<h2><span class=\"ez-toc-section\" 
id=\"UVOD\"><\/span><strong><span style=\"font-size: 14pt;\">INTRODUCTION<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/binarly.io\/posts\/The_Far_Reaching_Consequences_of_LogoFAIL\/index.html\" target=\"_blank\" rel=\"noopener\">Security researchers have discovered vulnerabilities<\/a> in the firmware of <em>UEFI<\/em> systems from major vendors that, they say, could allow attackers to hijack poorly maintained image libraries in order to silently deliver <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/payload\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious payloads<\/a> that bypass <em>Secure<\/em> <em>Boot<\/em>, <em>Intel<\/em> <em>Boot<\/em> <em>Guard<\/em>, <em>AMD<\/em> <em>Hardware<\/em>&#8211;<em>Validated<\/em> <em>Boot<\/em> and other protection mechanisms.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The discovered set of vulnerabilities has been named \u201c<em>LogoFAIL<\/em>\u201d and allows attackers to use malicious image files, which the firmware loads during the boot phase, as a means of stealthily delivering malware payloads such as <em>bootkits<\/em>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"LOGOFAIL_FUNKCIONISANJE\"><\/span><strong><span style=\"font-size: 14pt;\">HOW <em>LOGOFAIL<\/em> WORKS<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Abuse of image parsers to attack <em>Unified Extensible Firmware Interface<\/em> (<em>UEFI<\/em>) firmware was demonstrated as early as 2009, when it was shown how a <em>BMP<\/em> file can be used to infect the <em>BIOS<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Now the security researchers have examined the attack surface of image-parser components in the context of custom or outdated parsing code in <em>UEFI<\/em> firmware. This led to the discovery that an attacker can store a malicious image or logo on the <em>EFI<\/em> System Partition or in unsigned sections of a firmware update.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Planting <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> this way ensures persistence on the device that is practically undetectable, as described in the <a href=\"https:\/\/sajberinfo.com\/en\/2022\/01\/22\/otkriven-novi-firmware-bootkit\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>MoonBounce<\/em><\/a> attack, which exploited <em>UEFI<\/em> components. <em>LogoFAIL<\/em> vulnerabilities do not affect runtime integrity, because there is no need to modify the <em>bootloader<\/em> or the firmware, which is the method seen in the case of the <a href=\"https:\/\/sajberinfo.com\/en\/2023\/03\/04\/blacklotus-zaobilazi-windows-secure-boot\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>BlackLotus<\/em><\/a> <em>bootkit<\/em> malware.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"LOGOFAIL_UTICAJ\"><\/span><strong><span style=\"font-size: 14pt;\"><em>LOGOFAIL<\/em> IMPACT<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">It is important to stress here that <em>LogoFAIL<\/em> vulnerabilities do not affect one particular chip, but multiple vendors and chips. This means the problem is present in the products of many major device manufacturers that use <em>UEFI<\/em> firmware in consumer and enterprise devices. The security researchers at <em>Binarly<\/em> who discovered these vulnerabilities have already determined that thousands of devices from manufacturers such as <\/span><span style=\"font-size: 14pt;\"><em>Intel<\/em>, <em>Acer<\/em>, <em>Lenovo<\/em> and others are potentially vulnerable, as are the three major independent providers of custom <em>UEFI<\/em> firmware code: <em>AMI<\/em>, <em>Insyde<\/em> and <em>Phoenix<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Still, it should be noted that the exact scope of the impact of these vulnerabilities is still being determined. All technical details will be published at the <em>Black Hat Europe<\/em> conference on 6 December in London.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>LogoFAIL is a set of UEFI vulnerabilities that can enable attacks through major flaws in the image-parsing libraries embedded in firmware. 
INTRODUCTION Security researchers have discovered vulnerabilities in the firmware&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5754,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[601,603,602,600,599,279,278],"class_list":["post-5744","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-amd-hardware-validated-boot","tag-bios","tag-bootkits","tag-intel-boot-guard","tag-logofail","tag-secure-boot","tag-uefi"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5744"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5744\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5754"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}