Researchers have discovered malicious code circulating in the wild that hijacks the earliest stage boot process of Linux devices by exploiting a year-old firmware vulnerability when it remains unpatched on affected models.
The critical vulnerability is one of a constellation of exploitable flaws discovered last year and given the name LogoFAIL. These exploits are able to override an industry-standard defense known as Secure Boot and execute malicious firmware early in the boot process. Until now, there were no public indications that LogoFAIL exploits were circulating in the wild.
The discovery of code downloaded from an Internet-connected web server changes all that. While there are no indications the public exploit is actively being used, it is reliable and polished enough to be production-ready and could pose a threat in the real world in the coming weeks or months. Both the LogoFAIL vulnerabilities and the exploit found on-line were discovered by Binarly, a firm that helps customers identify and secure vulnerable firmware.
Theoretical no more
“LogoFAIL was a theoretical vulnerability, and the PoC was not weaponized,” Binarly founder and CEO Alex Matrosov wrote in an interview, referring to the proof-of-concept code released by Binarly as part of the company’s earlier disclosure. “This discovery shows the issues, which are hard to fix around the ecosystem, could be exploited in the wild and weaponized. The funny part is it’s almost a year since we disclosed it publicly, and this happens now when threat actors have adopted it.”
The ultimate objective of the exploit, which Binarly disclosed Friday, is to install Bootkitty, a bootkit for Linux that was found and reported on Wednesday by researchers from security firm ESET. Binarly said the exploit the company uncovered injects code into the UEFI, the firmware responsible for booting modern devices that run Windows or Linux. It does this by exploiting one of about a dozen critical image-parsing bugs that comprise the LogoFAIL constellation.
Normally, Secure Boot prevents the UEFI from running all subsequent files unless they bear a digital signature certifying those files are trusted by the device maker. The exploit bypasses this protection by injecting shell code stashed in a malicious bitmap image displayed by the UEFI during the boot-up process. The injected code installs a cryptographic key that digitally signs a malicious GRUB file along with a backdoored image of the Linux kernel, both of which run during later stages of the boot process on Linux machines.
The silent installation of this key induces the UEFI to treat the malicious GRUB and kernel image as trusted components, and thereby bypass Secure Boot protections. The final result is a backdoor slipped into the Linux kernel before any other security defenses are loaded.
In an online interview, HD Moore, CTO and co-founder at runZero and an expert in firmware-based malware, explained the Binarly report this way:
The Binarly paper points to someone using the LogoFAIL bug to configure a UEFI payload that bypasses secure boot (firmware) by tricking the firmware into accepting their self-signed key (which is then stored in the firmware as the MOK variable). The evil code is still limited to the user-side of UEFI, but the LogoFAIL exploit does let them add their own signing key to the firmware’s allow list (but does not infect the firmware in any way otherwise).
It’s still effectively a GRUB-based kernel backdoor versus a firmware backdoor, but it does abuse a firmware bug (LogoFAIL) to allow installation without user interaction (enrolling, rebooting, then accepting the new MOK signing key).
In a normal secure boot setup, the admin generates a local key, uses this to sign their updated kernel/GRUB packages, tells the firmware to enroll the key they made, then after reboot, the admin has to accept this new key via the console (or remotely via bmc/ipmi/ilo/drac/etc bios console).
In this setup, the attacker can replace the known-good GRUB + kernel with a backdoored version by enrolling their own signing key without user interaction via the LogoFAIL exploit, but it’s still effectively a GRUB-based bootkit, and doesn’t get hardcoded into the BIOS firmware or anything.
Machines vulnerable to the exploit include some models sold by Acer, HP, Fujitsu, and Lenovo when they ship with a UEFI developed by manufacturer Insyde and run Linux. Evidence found in the exploit code indicates the exploit may be tailored for specific hardware configurations of such machines. Insyde issued a patch earlier this year that prevents the exploit from working. Unpatched devices remain vulnerable. Devices from these manufacturers that use non-Insyde UEFIs aren’t affected.
Binarly tracks the Insyde vulnerability under exploitation as BRLY-2023-006. The industry-wide tracking designations are CVE-2023-40238 and CVE-2023-39538. Insyde has published an advisory for CVE-2023-40238 here. People should ensure all devices containing an Insyde UEFI have been patched.
One reason for the suspicion found exploit isn’t being actively used is the logo displayed during the infection. LogoFAIL works by exploiting vulnerabilities image-parsing components of the UEFI. These images typically display logos belonging to the device makers. By swapping out the benign image provided by the device maker with an identical one containing malicious exploit code, there would be no reason to detect anything amiss. The malicious image swapped out by the exploit displays an image of a cute cat.