Sat. Jul 11th, 2020

Over 40 drivers have a design flaw that lets hackers install a backdoor on Windows PCs


Information security issues are becoming ever more prominent. Since Spectre and Meltdown were discovered, hardware vulnerabilities have gradually become a focus for information security researchers. Recently, the security research company Eclypsium published a report stating that more than 20 companies are affected by the newly discovered “Screwed Drivers” vulnerabilities.

In the brief report, the company said that insecure drivers and firmware are very common. It found serious vulnerabilities in drivers from major BIOS vendors such as ASUS and ASRock and from other vendors such as NVIDIA. More seriously, the vulnerable drivers are certified by Microsoft, so the researchers have reported them to Microsoft so that it can provide a way to prevent such vulnerabilities, including blacklisting the problem drivers.

Specifically, these vulnerabilities allow the driver to act as a proxy for high-privilege access to hardware resources, such as read and write access to the processor and chipset I/O space.

“All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, which could allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host,” the researchers explain in their report titled ‘Screwed Drivers.’

“Access to the kernel can not only give an attacker the most privileged access available to the operating system, it can also grant access to the hardware and firmware interfaces with even higher privileges such as the system BIOS firmware.”

Eclypsium's discovery not only reminds hardware manufacturers that they need to pay more attention to firmware security, but also shows that a signed driver is not necessarily a secure one. To deal with this problem, hardware manufacturers need to actively ship more secure firmware and drivers, and users need to install the latest firmware so that their devices are not affected by the vulnerability.
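The practical takeaway of the report is that a valid Authenticode signature tells a defender nothing about whether a kernel driver exposes privileged hardware access. The following PowerShell audit is an added example, not code from the article or from Eclypsium: it lists the kernel-mode drivers currently loaded on a Windows host, records who signed each one, and compares file hashes against a blocklist. The hash list here is a placeholder (the article names no hashes), and the registry value for Microsoft's vulnerable-driver blocklist is assumed to exist only on recent Windows builds, so its absence is reported rather than treated as an error.

```powershell
# Added example (not from the Eclypsium report or the article): audit loaded
# kernel-mode drivers and flag any whose hash appears on a blocklist, while
# showing that "signed" and "safe" are independent properties.
# Assumptions:
#   - $KnownBadSha256 is a placeholder; replace it with hashes from a trusted
#     blocklist. The article reproduces no hashes, so none are used here.
#   - The VulnerableDriverBlocklistEnable registry value is present only on
#     recent Windows releases; older builds report 'Unknown'.

$KnownBadSha256 = @(
    'PLACEHOLDER-SHA256-1',   # replace with a real blocklisted driver hash
    'PLACEHOLDER-SHA256-2'
)

function Get-LoadedKernelDriverReport {
    # Win32_SystemDriver enumerates kernel-mode driver services; keep only
    # those that are running and have a file path we can inspect.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # Paths may be stored as \SystemRoot\... or \??\C:\...; normalise them.
        $path = $d.PathName -replace '^\\SystemRoot', $env:SystemRoot `
                            -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        [pscustomobject]@{
            Name        = $d.Name
            Path        = $path
            SignedBy    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            SigStatus   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Sha256      = $hash
            # The core point: a blocklist hit is independent of SigStatus.
            OnBlocklist = $KnownBadSha256 -contains $hash
        }
    }
}

function Get-VulnerableDriverBlocklistState {
    # Microsoft's built-in vulnerable-driver blocklist toggle. Assumed to be
    # present only on recent Windows builds, hence the 'Unknown' branch.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue
    if ($null -eq $val) { return 'Unknown (value not present on this build)' }
    if ($val.VulnerableDriverBlocklistEnable -eq 1) { 'Enabled' } else { 'Disabled' }
}

$report = Get-LoadedKernelDriverReport
"Microsoft vulnerable driver blocklist: $(Get-VulnerableDriverBlocklistState)"
"Loaded kernel drivers inspected: $($report.Count)"

# Blocklist hits need action regardless of how they are signed.
$report | Where-Object OnBlocklist |
    Format-Table Name, SignedBy, SigStatus, Sha256 -AutoSize

# The remaining validly signed drivers are still worth checking against vendor
# advisories, because the flaws described in the report live in signed code.
$report | Where-Object { -not $_.OnBlocklist -and $_.SigStatus -eq 'Valid' } |
    Sort-Object SignedBy | Format-Table Name, SignedBy, Path -AutoSize
```

Run it in a PowerShell session with permission to read the driver files under the system directory. The output groups validly signed drivers by signer so that third-party hardware-utility drivers stand out from Microsoft's own, which is where the report's findings concentrate.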