Comments by: Jamie Boote, Security Consultant, Synopsys Software Integrity Group
With the rise of remote workers during the COVID-19 pandemic, the collision between corporate IT environments and personal hardware will only rise as employees supply more of their own hardware to continue to customise and equip their home offices. It is impossible to anticipate all potential driver and hardware vulnerabilities that can arise from these situations, so it is important for IT departments to recognise and react to threats such as these when they’re made public. Additionally, the enforcement of proactive security measures such as limiting software installations to only approved software sources and maintaining approved workstation images will limit the impact of threats like this. However, maintaining and consuming a diverse threat intel feed is one of the best ways to limit exposure to vulnerabilities as they are found and publicised.
From a development perspective, balancing software access to hardware has always been a precarious balancing act between offering up enough functionality to developers to be able to talk to hardware in a meaningful fashion and preventing overreach via those same communications channels and API calls. As new functionality is developed, such as RGB coloration, changing hardware settings, and other essentials of modern gaming hardware, the abstraction isn’t necessarily properly safeguarded from abuse. These types of calls tend to be made through interfaces that allow ‘by default’ which can lead to privilege escalation and other security concerns until they are made through an abstraction layer that denies ‘by default’ and only allows the required calls to the hardware.
Perhaps this vulnerability is a reminder of why it’s called “The Bleeding Edge”.
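The allow-by-default versus deny-by-default contrast in the second comment is easier to see in code. The following is an added illustration, not code from Jamie Boote, Synopsys, or any real peripheral driver: a simulated register window and the operation codes (`OP_SET_LED_COLOR`, `OP_READ_TEMP`, `OP_SET_FAN`) are constructed for the example. The first dispatcher forwards any request it does not explicitly recognise as bad; the second consults a short table of permitted operations, each bound to the one register and value range it needs, and rejects everything else.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated hardware register window (constructed for this example;
   a real driver would be touching MMIO or a USB control endpoint). */
#define HW_REG_COUNT 16
static uint32_t hw_regs[HW_REG_COUNT];

uint32_t hw_read_reg(uint32_t idx) { return idx < HW_REG_COUNT ? hw_regs[idx] : 0; }

/* Request as a user-mode helper (e.g. an RGB control app) would hand it
   to the driver. Field layout is an assumption made for this example. */
typedef struct {
    uint32_t op;     /* operation code */
    uint32_t reg;    /* register index the caller wants to touch */
    uint32_t value;  /* value for write operations */
} hw_request_t;

enum { OP_SET_LED_COLOR = 1, OP_READ_TEMP = 2, OP_SET_FAN = 3 };

/* Allow-by-default: the interface rejects only the cases the author
   thought of (op 0, out-of-range index) and passes everything else
   straight to the hardware, so any caller can write any register. */
int dispatch_allow_by_default(const hw_request_t *rq) {
    if (rq->op == 0) return -1;
    if (rq->reg >= HW_REG_COUNT) return -1;
    hw_regs[rq->reg] = rq->value;   /* arbitrary register, arbitrary value */
    return 0;
}

/* Deny-by-default: an explicit table of permitted operations. Each entry
   fixes which register the operation may reach, whether it may write,
   and the largest value accepted. Anything not in the table is denied. */
typedef struct {
    uint32_t op;
    uint32_t reg;
    uint32_t max_value;
    bool     writable;
} hw_allow_entry_t;

static const hw_allow_entry_t allow_list[] = {
    { OP_SET_LED_COLOR, 4, 0x00FFFFFF, true  },  /* 24-bit RGB value   */
    { OP_READ_TEMP,     7, 0,          false },  /* read-only register */
    { OP_SET_FAN,       9, 100,        true  },  /* duty cycle percent */
};

int dispatch_deny_by_default(const hw_request_t *rq, uint32_t *out) {
    for (size_t i = 0; i < sizeof allow_list / sizeof allow_list[0]; i++) {
        const hw_allow_entry_t *e = &allow_list[i];
        if (e->op != rq->op) continue;
        if (rq->reg != e->reg) return -1;          /* op is bound to one register */
        if (e->writable) {
            if (rq->value > e->max_value) return -1; /* parameter range check */
            hw_regs[e->reg] = rq->value;
        } else if (out) {
            *out = hw_regs[e->reg];
        }
        return 0;
    }
    return -1;  /* unknown operation: denied by default */
}

int main(void) {
    hw_request_t unknown = { 0x77, 0, 0xDEADBEEF };  /* op the author never defined */
    hw_request_t led     = { OP_SET_LED_COLOR, 4, 0x00FF0000 };
    printf("allow-by-default, unknown op: %d\n", dispatch_allow_by_default(&unknown));
    printf("deny-by-default,  unknown op: %d\n", dispatch_deny_by_default(&unknown, NULL));
    printf("deny-by-default,  LED write:  %d (reg4=0x%06X)\n",
           dispatch_deny_by_default(&led, NULL), hw_read_reg(4));
    return 0;
}
```

The important difference is where new functionality lands: with the allow-by-default dispatcher, every operation an RGB or fan-control feature adds is reachable from any caller unless someone remembers to block it, whereas with the table the feature only becomes reachable when an entry is deliberately added with its register and range spelled out.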