Intel-powered laptops are safe again. So are desktops.
Intel has released version 2.4 of the Intel Driver Update Utility, fixing a critical security flaw (CVE-2016-1493) that enabled attackers to intercept driver updates and serve malware instead.
The Intel Driver Update Utility is a desktop application that Intel users can install to automate the driver update process. The utility works by scanning a user’s PC, detecting all Intel devices, checking whether a newer version of each device’s driver is available, and then downloading and installing the newer drivers over the older ones.
Another support app working via HTTP
What security researchers from Core Security discovered is that this utility was using HTTP to contact Intel’s download servers.
An attacker on the victim’s network could have easily launched an “ARP poisoning attack combined with DNS spoofing” and intercepted these update requests, replacing the driver download with anything they wanted.
The attacker could serve up malware instead of the proper Intel drivers, and the Intel Driver Update Utility would automatically download the files and execute them, all with system-level privileges, which a driver update utility usually requests from users when it’s installed.
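The sketch below is an added example, not Intel's code and not a description of what version 2.4 changed. It shows the two checks an updater needs before it runs a download: every hop must be HTTPS to an expected host, and the file must match a digest pinned in a manifest that is assumed to arrive over an authenticated channel. The host name, file name and payload bytes are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: hypothetical host, file name and payload bytes.
TRUSTED_HOSTS = {"downloads.example.com"}
GOOD_DRIVER = b"MZ constructed driver installer bytes"
PINNED_SHA256 = hashlib.sha256(GOOD_DRIVER).hexdigest()


def vet_update(url_chain, payload, pinned_sha256):
    """Return (ok, reason). url_chain lists every URL visited, redirects included.

    Assumption: pinned_sha256 comes from a manifest obtained over an
    authenticated channel; a digest fetched beside the file over HTTP
    can be swapped together with the file.
    """
    if not url_chain:
        return False, "no URL recorded for download"
    for url in url_chain:
        parts = urlsplit(url)
        # Any cleartext hop lets an on-path attacker replace the response.
        if parts.scheme != "https":
            return False, f"cleartext or unknown scheme in {url}"
        if parts.hostname not in TRUSTED_HOSTS:
            return False, f"unexpected host {parts.hostname}"
    actual = hashlib.sha256(payload).hexdigest()
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        return False, "digest mismatch: payload is not the published file"
    return True, "ok"


def demo():
    base = "https://downloads.example.com/drv.exe"
    cases = {
        "https, intact": ([base], GOOD_DRIVER),
        "plain http": (["http://downloads.example.com/drv.exe"], GOOD_DRIVER),
        "redirect downgrade": ([base, "http://downloads.example.com/m/drv.exe"], GOOD_DRIVER),
        "unexpected host": (["https://downloads.example.net/drv.exe"], GOOD_DRIVER),
        "swapped payload": ([base], b"not the driver"),
    }
    return {n: vet_update(c, d, PINNED_SHA256) for n, (c, d) in cases.items()}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:20} -> {'INSTALL' if ok else 'REJECT'} ({reason})")
```

Only the first case is accepted; the redirect case matters because a client that checks only the first URL can still be downgraded to cleartext on a later hop.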
The attack is quite easy to execute
To carry out the attack, a hacker wouldn’t even need to be outside your door on your WiFi network. Since ARP poisoning and DNS spoofing attacks are easy to automate, all the attacker needed was an infected machine on a local network, or a compromised ISP server.
The attacker would need to watch HTTP traffic (which is sent in cleartext) for requests to Intel’s update servers, and intervene only then, serving adware for smaller monetary gains, or more dangerous threats like ransomware to blackmail users for bigger sums of money.
Affected Intel Driver Update Utility versions are 2.0, 2.1, 2.2, and 2.3. To be on the safer side of this bug, download and replace your older versions with v2.4.
Intel joins Dell, Lenovo, and Toshiba, forming the Four Horsemen of bad support service software.