Expert Reacted On High Severity Vulnerability Found In HP’s Popular Gaming System

By ISBuzz Team
Writer, Information Security Buzz | Sep 15, 2021 04:36 am PST

BACKGROUND:

Researchers at SentinelLabs have discovered a high-severity flaw in a driver for HP OMEN, a popular gaming system, affecting millions of gaming devices and users worldwide.

HP OMEN Gaming Hub is a software product that comes preinstalled on all HP OMEN desktops and laptops and can be downloaded from the Microsoft Store to any Windows 10 computer that uses peripheral accessories sold under the OMEN brand. The software is used to control and optimize settings such as device GPU, fan speeds, CPU overclocking, memory, and more. It is also used to set and adjust lighting and other controls on gaming devices and accessories such as mice and keyboards. Attackers could exploit vulnerabilities to locally escalate to kernel-mode privileges. With this level of access, attackers can disable and bypass security products, overwrite system components, corrupt the OS, or perform any malicious operations unimpeded.

Jamie Boote , Security Consultant
September 15, 2021 12:38 pm

With the rise of remote workers during the Covid-19 Pandemic, the collision between corporate IT environments and personal hardware will only rise as employees supply more of their own hardware to continue to customise and equip their home offices. It is impossible to anticipate all potential driver and hardware vulnerabilities that can arise from these situations, so it is important for IT departments to recognise and react to threats such as these when they’re made public. Additionally, the enforcement of proactive security measures such as limiting software installations to only approved software sources and maintaining approved workstation images will limit the impact of threats like this. However, maintaining and consuming a diverse threat intel feed is one of the best ways to limit exposure to vulnerabilities as they are found and publicised.

From a development perspective, balancing software access to hardware has always been a precarious balancing act between offering up enough functionality to developers to be able to talk to hardware in a meaningful fashion and preventing overreach via those same communications channels and API calls. As new functionality is developed, such as RGB coloration, changing hardware settings, and other essentials of modern gaming hardware, the abstraction isn’t necessarily properly safeguarded from abuse. These types of calls tend to be made through interfaces that allow ‘by default’ which can lead to privilege escalation and other security concerns until they are made through an abstraction layer that denies ‘by default’ and only allows the required calls to the hardware.

Perhaps this vulnerability is a reminder of why it’s called ‘The Bleeding Edge’.

Last edited 2 years ago by Jamie Boote
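
The deny-by-default abstraction layer described in the comment above, as an added example that is not from the article, the commenter, HP, or SentinelLabs. The opcodes, limits, struct names, and the simulated device are all hypothetical; the point is that only operations with a registered, range-checked handler reach the hardware, and a raw pass-through request is refused.

```c
/* Added example: deny-by-default broker between a control app and hardware.
   Opcodes, limits and the simulated device are hypothetical. */
#include <stddef.h>
#include <stdint.h>

enum { OP_SET_FAN_PCT = 1, OP_SET_RGB = 2, OP_RAW_WRITE = 0x7f };
enum { HW_OK = 0, HW_DENIED = -1, HW_BAD_ARG = -2 };

struct hw_state { uint8_t fan_pct; uint32_t rgb; };        /* simulated device */
struct hw_request { uint32_t op; uint64_t arg0, arg1; };  /* caller-controlled */

typedef int (*hw_handler)(struct hw_state *, const struct hw_request *);

/* Each handler validates its operand before touching device state. */
static int set_fan(struct hw_state *hw, const struct hw_request *r) {
    if (r->arg0 < 20 || r->arg0 > 100) return HW_BAD_ARG;  /* assumed safe range */
    hw->fan_pct = (uint8_t)r->arg0;
    return HW_OK;
}

static int set_rgb(struct hw_state *hw, const struct hw_request *r) {
    if (r->arg0 > 0xFFFFFF) return HW_BAD_ARG;             /* 24-bit colour only */
    hw->rgb = (uint32_t)r->arg0;
    return HW_OK;
}

/* The allowlist: only operations the product needs have an entry.
   OP_RAW_WRITE (address/value pass-through) deliberately has none. */
static const struct { uint32_t op; hw_handler fn; } allowed[] = {
    { OP_SET_FAN_PCT, set_fan },
    { OP_SET_RGB,     set_rgb },
};

int hw_dispatch(struct hw_state *hw, const struct hw_request *r) {
    if (hw == NULL || r == NULL) return HW_BAD_ARG;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i].op == r->op) return allowed[i].fn(hw, r);
    return HW_DENIED;  /* default: anything not listed never reaches hardware */
}

int main(void) {
    struct hw_state hw = { 50, 0 };
    struct hw_request raw = { OP_RAW_WRITE, 0x1000, 0xdeadbeef };
    return hw_dispatch(&hw, &raw) == HW_DENIED ? 0 : 1;
}
```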
