Intel Fixes Security Bug to Prevent Attackers From Hijacking the Driver Update Process


Exterminator

Intel has released version 2.4 of the Intel Driver Update Utility, fixing a critical security flaw (CVE-2016-1493) that enabled attackers to intercept driver updates and serve malware instead.

The Intel Driver Update Utility is a desktop application which Intel users can install to automate the driver update process. The utility works by scanning a user's PC, detecting all Intel devices, checking to see if there's a newer version for the devices' drivers, and then downloading, installing, and updating the older drivers.

Another support app working via HTTP
What security researchers from CoreSecurity discovered is that this utility was using HTTP to contact Intel's download servers.

An attacker on the victim's network could have easily launched an "ARP poisoning attack combined with DNS spoofing" and intercepted these update requests, replacing the driver download with anything they wanted.

The attacker could serve up malware instead of the proper Intel drivers, and the Intel Driver Update Utility would automatically download the files and automatically launch them into execution, all with system-level privileges, which a driver update utility usually requests from users when it's installed.

The attack is quite easy to execute
To carry out the attack, a hacker wouldn't even need to be outside your door on your WiFi network. Since ARP poisoning and DNS spoofing attacks are easy to automate, all the attacker needed was an infected machine on a local network, or a compromised ISP server.

The attacker would need to watch HTTP traffic (which is sent in cleartext) for Intel's update servers, and intervene only then, serving adware for smaller monetary gains, or more dangerous threats like ransomware to blackmail users for bigger sums of money.

Affected Intel Driver Update Utility versions are 2.0, 2.1, 2.2, and 2.3. To be on the safer side of this bug, download and replace your older versions with v2.4.

Intel joins Dell, Lenovo, and Toshiba, forming the Four Horsemen of bad support service software.
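
An added example, not part of the original post and not Intel's actual fix (the article does not describe how v2.4 changes the download process): a sketch of the two checks an updater can apply before running a downloaded package, so that a payload swapped in transit is refused. The host name, file contents and function names are hypothetical, and the expected digest is assumed to come from a manifest obtained over a trusted channel.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical allow-list for illustration; not Intel's real download hosts.
ALLOWED_HOSTS = {"downloads.vendor.example"}

class UpdateRejected(Exception):
    """Raised when a downloaded update must not be executed."""

def check_update_source(url: str) -> None:
    """Reject any update URL that is not HTTPS to an allow-listed host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UpdateRejected(f"cleartext or unknown scheme: {parts.scheme!r}")
    if parts.hostname not in ALLOWED_HOSTS:
        raise UpdateRejected(f"unexpected host: {parts.hostname!r}")

def check_update_payload(payload: bytes, expected_sha256: str) -> None:
    """Reject a payload whose SHA-256 differs from the trusted manifest value."""
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UpdateRejected("payload digest does not match manifest")

def safe_to_install(url: str, payload: bytes, expected_sha256: str) -> bool:
    """Return True only if both the source check and the payload check pass."""
    try:
        check_update_source(url)
        check_update_payload(payload, expected_sha256)
    except UpdateRejected as exc:
        print(f"refusing to install: {exc}")
        return False
    return True

# Constructed sample data: a genuine package and one substituted in transit.
GENUINE = b"constructed-driver-package-v2"
SUBSTITUTED = b"constructed-substituted-payload"
# Assumption: in a real updater this digest comes from a signed manifest.
MANIFEST_SHA256 = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    good_url = "https://downloads.vendor.example/driver.exe"
    print(safe_to_install(good_url, GENUINE, MANIFEST_SHA256))
    print(safe_to_install("http://downloads.vendor.example/driver.exe",
                          GENUINE, MANIFEST_SHA256))
    print(safe_to_install(good_url, SUBSTITUTED, MANIFEST_SHA256))
```

The digest check is what still holds if transport protection fails, since a substituted file cannot match a value the attacker does not control.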
 

hjlbx

Someday happen to Windows Updates... :eek:...:confused:

No ?

Not possible ? :cool:
 