New security vulnerabilities in hardware manufacturers' drivers
New security flaws involve the drivers and applications of many hardware component manufacturers: software that has not been updated but is still considered valid by the operating system is the vehicle of attack.
The cybersecurity research institute Eclypsium has published a document entitled "Screwed Drivers", which highlights a series of critical security flaws in the way drivers for the products of about forty hardware companies worldwide are developed. Three problems are highlighted under the names RWEverything, LoJax and SlingShot; LoJax is the first UEFI malware.
The information, released at the 27th edition of the DEF CON conference in Las Vegas, points the finger at the way drivers are developed. Instead of limiting their scope to specific scenarios, developers prefer to structure them so that they can serve a wide range of uses and applications. This makes them faster and more direct to write, but at the risk of making them more vulnerable to security breaches.
The vulnerabilities identified allow access to so-called Ring 0, the level with the greatest privileges on the system. Code running in Ring 0 acts directly on the hardware and on the firmware associated with it. As a general rule, many system administrators have Ring 3 level access, with much more limited privileges on the system.
The drivers covered by this security review are signed by valid Certificate Authorities and then certified as valid by Microsoft for the Windows operating system through the WHQL program: this makes them potentially even more dangerous, because they are perceived as safe. The partial list of companies involved in these security issues includes well-known names: ASUSTeK Computer, ATI Technologies (AMD), Biostar, EVGA, Getac, GIGABYTE, Huawei, Insyde, Intel, Micro-Star International (MSI), NVIDIA, Phoenix Technologies, Realtek Semiconductor, SuperMicro, Toshiba.
Eclypsium is working with the various companies involved to correct the vulnerabilities, so updates for the software, applications, BIOS and firmware of the hardware products at risk are to be expected. Detailed information on how these vulnerabilities can be exploited will be made available by Eclypsium in the near future: for the time being, we expect many updated drivers to be released, with increasing attention to the security problems of our systems.
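
Because a valid signature is exactly what makes these drivers look safe, a defender preparing for the expected updates can inventory the installed drivers from the vendors named above, with signer and file version. The following PowerShell is an added example, not code from Eclypsium or from the article; the vendor name patterns and the helper `Resolve-DriverPath` are assumptions made here, and a match means "review and update", not "vulnerable".

```powershell
# Assumption: regex built from the article's partial vendor list; signer and
# company strings on real files may be spelled differently.
$vendorPattern = 'ASUSTeK|ATI Technologies|Advanced Micro Devices|Biostar|EVGA|' +
                 'Getac|GIGA-?BYTE|Huawei|Insyde|Intel|Micro-Star|NVIDIA|' +
                 'Phoenix Technologies|Realtek|Super ?Micro|Toshiba'

# Hypothetical helper: turn the path forms a driver service can report into
# an ordinary file system path.
function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\... -> C:\...
    if ($p -match '^\\SystemRoot\\') {                   # \SystemRoot\System32\...
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p -match '^system32\\') {                 # relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$report = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path = Resolve-DriverPath $d.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $info = (Get-Item -LiteralPath $path).VersionInfo

    [pscustomobject]@{
        Name      = $d.Name
        State     = $d.State              # Running / Stopped
        SigStatus = $sig.Status           # 'Valid' only means trusted, not safe
        Signer    = $sig.SignerCertificate.Subject
        Company   = $info.CompanyName
        Version   = $info.FileVersion     # compare with the vendor's fixed release
        Path      = $path
    }
}

# Keep only drivers whose signer or company matches a vendor from the list.
$report |
    Where-Object { "$($_.Signer) $($_.Company)" -match $vendorPattern } |
    Sort-Object Company, Name |
    Format-Table Name, State, SigStatus, Company, Version, Path -AutoSize
```

Run it from an elevated prompt so that every driver file can be read; stopped drivers are listed as well, since a signed driver on disk can still be loaded later.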