If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you’re probably screwed.
A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years.
For sophisticated attackers, maintaining persistence after compromising a system is one of the most important tasks, and to achieve this, existing hardware vulnerabilities sometimes play an important role.
One such component is a device driver, commonly known as a driver or hardware driver, a software program that controls a particular type of hardware device, helping it to communicate with the computer’s operating system properly.
Since device drivers sit between the hardware and the operating system itself and in most cases have privileged access to the OS kernel, a security weakness in this component can lead to code execution at the kernel layer.
This privilege escalation attack can move an attacker from user mode (Ring 3) to OS kernel-mode (Ring 0), as shown in the image, allowing them to install a persistent backdoor in the system that a user would probably never realize.
Discovered by researchers at the firmware and hardware security firm Eclypsium, some of the new vulnerabilities could allow arbitrary read/write of kernel memory, model-specific registers (MSRs), Control Registers (CR), Debug Registers (DR), and physical memory.
“All these vulnerabilities allow the driver to act as a proxy to perform highly privileged access to the hardware resources, which could allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host,” the researchers explain in their report titled ‘Screwed Drivers.’