BACKGROUND:
Researchers at SentinelLabs have disclosed a high-severity flaw in an HP OMEN driver. OMEN is a popular HP gaming brand, and the flaw affects millions of gaming devices and users worldwide.
HP OMEN Gaming Hub is a software product that comes preinstalled on all HP OMEN desktops and laptops and can be downloaded from the Microsoft Store onto any Windows 10 computer that uses peripheral accessories sold under the OMEN brand. The software is used to control and optimize settings such as the GPU, fan speeds, CPU overclocking, memory, and more, and to set and adjust lighting and other controls on gaming devices and accessories such as mice and keyboards. A local attacker (anyone who can already run code on the machine as an ordinary user, for example through a phishing payload) could exploit the flaw to escalate to kernel-mode privileges. With that level of access, an attacker can disable or bypass security products, overwrite system components, corrupt the operating system, or perform any other malicious operation unimpeded, because code running in the kernel is not subject to the checks that constrain user-mode processes.
<p>With the rise of remote work during the Covid-19 pandemic, the collision between corporate IT environments and personal hardware will only increase as employees supply more of their own equipment to customise and equip their home offices. It is impossible to anticipate every driver and hardware vulnerability that can arise from these situations, so IT departments need to recognise and react to threats such as this one when they are made public: identify which machines carry the affected software, and update or remove it. Proactive measures such as limiting software installations to approved sources, maintaining approved workstation images, and using application control to block drivers that are known to be vulnerable will limit the impact of threats like this. In addition, maintaining and consuming a diverse threat intel feed is one of the best ways to limit exposure to vulnerabilities as they are found and publicised.</p>
<p>From a development perspective, giving software access to hardware has always been a precarious balancing act: developers need enough functionality to talk to the hardware in a meaningful way, but the same communication channels and API calls must not allow overreach. As new functionality is developed, such as RGB lighting, changing hardware settings, and other essentials of modern gaming hardware, the abstraction is not necessarily safeguarded from abuse. These calls tend to go through driver interfaces that 'allow by default': any local user can send requests, and the driver forwards them to the hardware with little or no validation of who is asking or what they are asking for. That is what leads to privilege escalation and other security concerns. The fix is an abstraction layer that 'denies by default', exposes only the specific operations the application actually needs, validates each one's arguments, and requires elevated privileges for the operations that warrant them.</p>
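<p>To make the 'allow by default' versus 'deny by default' contrast concrete, here is an added example written for this article; it is not code from HP, SentinelLabs, or the affected driver, and the control codes, payload layouts, value ranges, and simulated hardware are all hypothetical. It models a driver's request dispatcher in portable C: the permissive version forwards anything it does not recognise to a raw hardware-write routine, so an unprivileged caller can write any value to any register; the restrictive version enumerates the supported operations, checks payload length and value range for each, gates the overclocking operation on caller privilege, and never exposes the raw path at all.</p>

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical control codes for illustration only; not the real driver's codes. */
enum {
    IOCTL_SET_FAN_SPEED = 0x1001,   /* 1-byte payload: fan duty 0..100 */
    IOCTL_SET_LED_COLOR = 0x1002,   /* 3-byte payload: R, G, B */
    IOCTL_SET_CPU_RATIO = 0x1003,   /* 1-byte payload: multiplier, admin only */
    IOCTL_RAW_HW_WRITE  = 0x10FF    /* 16-byte payload: address, value */
};

typedef enum { HW_OK = 0, HW_DENIED, HW_BAD_LENGTH, HW_BAD_VALUE } hw_status_t;

typedef struct {
    uint32_t       code;            /* control code requested by the caller */
    bool           caller_is_admin; /* stand-in for a token/privilege check */
    const uint8_t *in;              /* caller-supplied input buffer */
    size_t         in_len;
} request_t;

/* Simulated device state so the effect of each dispatcher can be inspected. */
typedef struct {
    uint8_t  fan_pct;
    uint8_t  led[3];
    uint8_t  cpu_ratio;
    uint64_t raw_addr;    /* last address reached through the raw path */
    uint64_t raw_value;
} hw_state_t;

/* Lowest-level backend: any value to any "register". This is the capability
 * that must never be reachable from an unprivileged caller. */
static hw_status_t raw_hw_write(hw_state_t *hw, uint64_t addr, uint64_t value) {
    hw->raw_addr  = addr;
    hw->raw_value = value;
    return HW_OK;
}

/* Allow-by-default: the one operation the driver understands is applied
 * without range checks, and everything else falls through to raw hardware
 * access. No caller privilege is ever examined. */
hw_status_t dispatch_permissive(hw_state_t *hw, const request_t *r) {
    switch (r->code) {
    case IOCTL_SET_FAN_SPEED:
        if (r->in_len < 1) return HW_BAD_LENGTH;
        hw->fan_pct = r->in[0];          /* 255% duty is accepted as-is */
        return HW_OK;
    default: {
        if (r->in_len < 16) return HW_BAD_LENGTH;
        uint64_t addr, value;
        memcpy(&addr,  r->in,     sizeof addr);
        memcpy(&value, r->in + 8, sizeof value);
        return raw_hw_write(hw, addr, value);   /* any user, any register */
    }
    }
}

/* Deny-by-default: only enumerated operations exist, each with a fixed
 * payload shape, a value range and, where needed, a privilege requirement.
 * The raw backend is not an operation at all. */
hw_status_t dispatch_restrictive(hw_state_t *hw, const request_t *r) {
    switch (r->code) {
    case IOCTL_SET_FAN_SPEED:
        if (r->in_len != 1) return HW_BAD_LENGTH;
        if (r->in[0] > 100) return HW_BAD_VALUE;
        hw->fan_pct = r->in[0];
        return HW_OK;
    case IOCTL_SET_LED_COLOR:
        if (r->in_len != 3) return HW_BAD_LENGTH;
        memcpy(hw->led, r->in, 3);       /* any RGB triple is harmless */
        return HW_OK;
    case IOCTL_SET_CPU_RATIO:
        if (!r->caller_is_admin) return HW_DENIED;  /* privilege check before parsing */
        if (r->in_len != 1)      return HW_BAD_LENGTH;
        if (r->in[0] < 8 || r->in[0] > 60) return HW_BAD_VALUE;  /* hypothetical safe range */
        hw->cpu_ratio = r->in[0];
        return HW_OK;
    default:
        return HW_DENIED;   /* IOCTL_RAW_HW_WRITE and anything unknown land here */
    }
}

/* Helper so callers can build a request in one line. */
request_t make_request(uint32_t code, bool admin, const uint8_t *in, size_t in_len) {
    request_t r = { code, admin, in, in_len };
    return r;
}
```

<p>The design point is in the two <code>default:</code> branches. In the permissive dispatcher the default branch is the most powerful operation in the driver and it is reachable by every local user; in the restrictive one the default branch is a refusal, and the privileged operation checks the caller before it looks at the payload, so a malformed request from an unprivileged user never reaches the parsing code. In a real Windows driver the caller check would be backed by a device security descriptor (so unprivileged processes cannot open the device in the first place) rather than a flag in the request.</p>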
<p>Perhaps this vulnerability is a reminder of why it's called 'The Bleeding Edge'.</p>