Skip to main content

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs.If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you're probably screwed.


A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years.

For sophisticated attackers, maintaining persistence after compromising a system is one of the most important tasks, and to achieve this, existing hardware vulnerabilities sometimes play an important role.


One such component is a device driver, commonly known as a driver or hardware driver, a software program that controls a particular type of hardware device, helping it to communicate with the computer's operating system properly.

Since device drivers sit between the hardware and the operating system itself and in most cases have privileged access to the OS kernel, a security weakness in this component can lead to code execution at the kernel layer.

This privilege escalation attack can move an attacker from user mode (Ring 3) to OS kernel-mode (Ring 0), as shown in the image, allowing them to install a persistent backdoor in the system that a user would probably never realize.

windows driver hacking

Discovered by researchers at the firmware and hardware security firm Eclypsium, some of the new vulnerabilities could allow arbitrary read/write of kernel memory, model-specific registers (MSRs), Control Registers (CR), Debug Registers (DR), and physical memory.

"All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, which could allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host," the researchers explain in their report titled 'Screwed Drivers.'

"Access to the kernel can not only give an attacker the most privileged access available to the operating system, it can also grant access to the hardware and firmware interfaces with even higher privileges such as the system BIOS firmware."

Since malware running in the user space can simply scan for a vulnerable driver on the victim machine to compromise it, attackers don't have to install their own vulnerable driver, installing which otherwise requires system administrator privileges.


All the vulnerable drivers, as listed below, uncovered by the researchers, have been certified by Microsoft.

American Megatrends International (AMI)

ASRock

ASUSTeK Computer

ATI Technologies (AMD)

Biostar

EVGA

Getac

GIGABYTE

Huawei

Insyde

Intel

Micro-Star International (MSI)

NVIDIA

Phoenix Technologies

Realtek Semiconductor

SuperMicro

Toshiba

The list also includes three more hardware vendors which researchers did not name yet, as they are "still under embargo due to their work in highly regulated environments and will take longer to have a fix certified and ready to deploy to customers."

"Some vulnerable drivers interact with graphics cards, network adapters, hard drives, and other devices," researchers explain. "Persistent malware inside these devices could read, write, or redirect data stored, displayed, or sent over the network. Likewise, any of the components could be disabled as part of a DoS or ransomware attack."


Device driver flaws can be more dangerous than other application vulnerabilities because it allows an attacker access to the "negative" firmware rings that lie beneath the operating system and maintain persistence on the device, even if the operating system is completely reinstalled, just like in case of LoJax malware.

Researchers have reported these vulnerabilities to the affected vendors, of which some, including Intel and Huawei, have already released patch updates and issued a security advisory.

Besides this, researchers have also promised to soon release a script on GitHub that would help users find wormhole drivers installed on their systems, along with proof-of-concept code, video demonstrations, and links to vulnerable drivers and tools.



Comments

Popular posts from this blog

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. 📸: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  📸: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. 📸: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nil...