SoylentNews is people
SoylentNews
Submitted via IRC for AnonymousCoward
Driver Disaster: Over 40 Signed Drivers Can't Pass Security Muster
An insecure driver can be just what a hacker needs to get its foot in the door to a Windows environment. Compromised drivers are at the heart of massive security headaches ranging from recent Slingshot APT campaigns and LoJax malware. That’s why researchers at Eclypsium are sounding the alarm over what it sees as a dire security problem of insecure drivers digitally signed by reputable firms such as Microsoft.
At a session here at DEF CON on Saturday, Eclypsium’s principal researcher Mickey Shkatov was joined by researcher Jesse Michael and both shed light on research that showed that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors – all drivers being certified by Microsoft.
“These vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources and move an attacker from user mode to OS kernel mode,” researchers noted. They added that the vulnerabilities are widespread, impacting major BIOS vendors, as well as hardware sold by ASUS, Toshiba, NVIDIA and Huawei.
Researchers said they first pinpointed the issue in April when they culled 40 insecure drivers representing 20 vendors. They then gave offending companies a 90-day window to mitigate the issues. All 40 drivers are unique and 64-bit and signed by two separate vendors, researchers said.
“Some of the most dangerous [insecure driver attack scenarios] are arbitrary read/write of kernel memory, arbitrary read/write of model specific registers (MSRs), and arbitrary read and write of physical memory as these can all be used to achieve arbitrary code execution within the Windows kernel,” researchers told Threatpost.
Shkatov added that arbitrary hardware access via an insecure driver can allow malicious modification of firmware components, resulting in persistent subversion of existing Windows AV protection. Such was the case in March when Huawei MateBook systems included a rogue driver that let unprivileged users create processes with superuser privileges.
(Score: 3, Touché) by maxwell demon on Sunday August 11 2019, @02:51PM (14 children)
So what hardware do you have that has no Linux driver? The last device with no Linux driver available I had was a 28.8k modem. Needless to say that this was many years ago.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Sunday August 11 2019, @03:39PM (11 children)
Last device I got without Linux support was a Corsair Glaive. Fortunately, because the kernel is zomg open source, I was able to hack in support myself in a couple of hours by simply telling the kernel to see it as a variant of the Scimitar. From what I gathered looking at the Scimitar code, Corsair subtly broke the HID mouse protocol. iirc hid-corsair.ko only massages the HID packets for consumption by the usual HID driver. Intentionally to target Linux? Who knows. Official support has since been added.
(Score: 1) by Ethanol-fueled on Sunday August 11 2019, @04:26PM (10 children)
A gaming mouse for Linux, hahahahaah! That's like buying a Corvette to cruise the swamps of Louisiana.
(Score: 0) by Anonymous Coward on Sunday August 11 2019, @04:52PM (6 children)
What kernel hacking have you done recently?
(Score: 1) by Ethanol-fueled on Sunday August 11 2019, @05:03PM (5 children)
I installed Ubuntu MATE 18 on my x64 desktop. You wouldn't believe what a pain in the ass it is to simply install Linux nowadays. It's like 1999 all over again. Manually editing shit, kernel-mode hacks (so complicated that I won't mention them to you because they are beyond the scope of this discussion and being an angry nerd I'd rather you figure it out yourself rather than tell you, freeloader), hex-editing, turning the crank, hitting it in the right spot, up, up, down, down, left, right, left, right, B, A, Start on my USB gamepad.
Jesus christ, what happened to Linux?! It was doing quite well for awhile. Now you have to be fucking Rain Man just to install it!
(Score: 2) by Gaaark on Sunday August 11 2019, @05:14PM
Why install Ubuntu?
Manjaro has been easy peasy.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Funny) by Anonymous Coward on Sunday August 11 2019, @06:07PM (1 child)
You installed a systemd OS, and you're bitching about it not working. lol!
(Score: 2) by driverless on Monday August 12 2019, @07:15AM
That's the neat thing about Linux, there's so many distros that everyone gets at least one complete distro to (1) love and (2) hate, without there being any overlap with anyone else's pet love/hate distro.
(Score: 0) by Anonymous Coward on Sunday August 11 2019, @08:15PM
Sorry you can't figure it out. There's windows for people like you.
(Score: 3, Informative) by AthanasiusKircher on Sunday August 11 2019, @08:44PM
Assuming you're not just trolling...
That's your problem, right there. Ubuntu's promise was always "just works." I'll admit I bought into that when I downloaded Ubuntu for the first time maybe 12-13 years ago. That was when I decided to finally go whole hog and abandon Windows completely. (I'd been using Linux here and there and doing some dual-boot since maybe 1998 or so.)
Ubuntu took a little tweaking, but from my previous experience getting Linux distros going, I was used to that. Then I upgraded to the next version 6 months later, and everything broke. Then I fixed it. Then I upgraded 6 months later, and everything broke -- but mostly different things than were broken before. After it happened a third time, I quit Ubuntu (which at that point seemed more obsessed with making sure "wobbly windows" were working rather than actually having basic functionality) and went back to Debian for my primary machine. There -- everything pretty much just worked. It was old, but it worked.
A year or two later, after a bunch of distro hopping to try to find a better solution, I got a recommendation about Mint. So I tried it, and everything just worked. I installed it on two other machines (including a rather non-standard laptop), and everything pretty much just worked. I haven't looked back, and I was happy I switched when I did, because then a little while later Ubuntu switched to Unity and annoyed the heck out of most users.
Don't get me wrong -- I enjoy tweaking things and playing around sometimes. Heck, one of my favorite distros years ago was Gentoo. But when I want something that "just works," or I have to recommend something to a friend new to Linux, I recommend Mint. I've converted probably a half dozen people to Linux users over the past few years by recommending Mint when they complain their machine is getting old or running slow and Windows sucks. Ubuntu has had greater stability at times (so I've heard), but then weird crap happens again. I don't have time for that.
YMMV.
(Score: 4, Interesting) by dwilson on Sunday August 11 2019, @05:13PM (2 children)
I happen to have an old, late 80's corvette. It's waiting as a winter project, I'm going to put a GM 6.5L diesel in it. Just because I can.
Though if I lived in Louisiana, doing a swamp-boat mod would be a lot more interesting I think. Maybe I should put tracks on it instead, winterize it a bit. With it's fiberglass body it'd be an ideal rust-proof winter vehicle. Road salt is the shits, I tell you.
My point is, taking something and making it do things it was never intended for can be a lot of fun. And if you disagree, well, get fucked :) The rest of us will still enjoy doing it regardless of your opinion.
Mouse related, at an old job we once looked at using a 1000dpi laser mouse for tracking tubing distance as the tubing ran through a pair of rollers that were clamped around it. We ended up abandoning that idea, A resolution of 1000dpi was nowhere near fine enough when dealing with multiple-kilometers of tubing that needed millimeter-accurate distancing.
- D
(Score: 1, Informative) by Anonymous Coward on Sunday August 11 2019, @07:19PM (1 child)
You're putting a heavyass GM 6.5L diesel in it? That thing weighs twice that of a 350. Hope you have a welder to build a subframe and truck coils or that vette is going to nosedive into oblivion the first time you step on the brakes.
(Score: 2) by dwilson on Sunday August 11 2019, @11:41PM
You're right, it weighs a goodly bit more than the 350 smallblock, but it won't take as much work as you might think. It's been done to a C3 [thedieselpage.com] without any body or frame modification (allegedly). The early C4's aren't all that much different once you get the bodywork off.
But if it comes down to it, I do have a decent welder and will fabricate whatever needs fabricating to make it work. ...eventually. It's been an upcoming winter project for a number of winters now.
- D
(Score: 2) by stretch611 on Sunday August 11 2019, @09:45PM
My last laptop's webcam.
But, the amount of unsupported hardware is quite low. I have been using linux exclusively since 2008. (even at work exclusively since 2013.)
Generally, only the most bleeding edge hardware has a problem... and usually that is only until the next release of your distro, but usually, you can get support sooner if you are willing to compile the driver yourself.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by driverless on Monday August 12 2019, @07:12AM
There's a vast amount of hardware out there that doesn't have Linux drivers and will never have Linux drivers, because there's no money in it. For example if you do TV video production then you're pretty much stuck with Windows because that's the only OS a lot of the gear has drivers for. If you're lucky, it's Windows 7 and not XP any more.