Popular Posts

Blog Archive

Search This Blog

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs

Share it:

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs

If you own a tool, or a hardware element, factory-made by ASUS, Toshiba, Intel, NVIDIA, Huawei, or different fifteen different vendors listed below, you are in all probability screwed.
A team of security researchers has discovered bad security vulnerabilities in additional than forty drivers from a minimum of twenty completely different vendors that might enable attackers to achieve most privileged permission on the system and conceal malware in a very method that continues to be undetected over time, typically for years.

For sophisticated attackers, maintaining persistence once compromising a system is one in all the foremost necessary tasks, and to attain this, existing hardware vulnerabilities typically play a very important role.


One such element could be a service program, normally referred to as a driver or hardware driver, a software system program that controls a specific sort of hardware device, serving to it to speak with the computer's software system properly.

Since device drivers sit between the hardware and therefore the software system itself and in most cases have privileged access to the OS kernel, a security weakness during this element will result in code execution at the kernel layer.

This privilege increase attack will move associate degree wrongdoer from user mode (Ring 3) to OS kernel-mode (Ring 0), as shown within the image, permitting them to put in a persistent backdoor within the system that a user would in all probability ne'er notice.

Discovered by researchers at the code and hardware security firm Eclypsium, a number of the new vulnerabilities might enable capricious read/write of kernel memory, model-specific registers (MSRs), management Registers (CR), right Registers (DR), and physical memory.

"All these vulnerabilities enable the driving force to act as a proxy to perform extremely privileged access to the hardware resources, that might enable attackers to show the terribly tools wont to manage a system into powerful threats that may increase privileges and persist invisibly on the host," the researchers make a case for in their report titled 'Screwed Drivers.'

"Access to the kernel can't solely provide associate degree wrongdoer the foremost privileged access on the market to the software system, it can even grant access to the hardware and code interfaces with even higher privileges like the system BIOS code."
Since malware running within the user house will merely scan for a vulnerable driver on the victim machine to compromise it, attackers haven't got to put in their own vulnerable driver, putting in that otherwise needs supervisor privileges.

All the vulnerable drivers, as listed below, uncovered by the researchers, are certified by Microsoft.
➤American Megatrends International (AMI)
➤ATI Technologies (AMD)
➤Micro-Star International (MSI)
➤Phoenix Technologies
➤Realtek Semiconductor
The list conjointly includes 3 additional hardware vendors that researchers didn't name nevertheless, as they're "still below embargo thanks to their add extremely regulated environments and can take longer to own a fix certified and prepared to deploy to customers."
"Some vulnerable drivers move with graphics cards, network adapters, onerous drives, and different devices," researchers make a case for. "Persistent malware within these devices might browse, write, or direct information hold on, displayed, or sent over the network. Likewise, any of the parts may be disabled as a part of a DoS or ransomware attack."

Device driver flaws is additional dangerous than different application vulnerabilities as a result of it permits associate degree wrongdoer access to the "negative" code rings that lie at a lower place the software system and maintain persistence on the device, although the software system is totally reinstalled, similar to just in case of LoJax malware.
Researchers have reported these vulnerabilities to the affected vendors, of that some, together with Intel and Huawei, have already discharged patch updates and issued a security informative .
Besides this, researchers have conjointly secure to presently unharness a script on GitHub that will facilitate users realize hole drivers put in on their systems, together with proof-of-concept code, video demonstrations, and links to vulnerable drivers and tools.

Thanks for Reading✌✌✌
Share it:

Tech News