Security researchers found vulnerabilities in all drivers

Aug 12, 2019 10:38 GMT  ·  By

All major BIOS vendors, along with the likes of AMD, Nvidia, Intel, Huawei, and many others, are offering drivers that have serious security issues. A new report, called Screwed Drivers, from Eclypsium, revealed the worrying extent of the problem.

People have to safeguard their PCs and phones by using antivirus software and by making sure that they don’ expose their operating system to any kind of malware. But what happens when even the drivers provided by the hardware manufacturers are full of vulnerabilities, leaving the operating systems exposed to possible attacks.

Fortunately for us, the end-users, the problems are identified by hackers who are interested in making the world safer, but that’s not always the case. Also, there is no indication that researchers from Eclypsium, who underlined all of the problems, are actually the first ones to discover the vulnerabilities.

Things are much, much worse than you think

The Eclypsium researchers revealed a report showing that all of the major hardware companies, including ASRock, ASUSTeK Computer, ATI Technologies (AMD), Biostar, EVGA, Getac, GIGABYTE, Huawei, Insyde, Intel, Micro-Star International (MSI), NVIDIA, Phoenix Technologies, Realtek Semiconductor, SuperMicro, and Toshiba have this systemic problem.

And keep in mind that this list is not complete. Some of the names are not yet public because those companies have yet to address the issues with their drivers. And the worst news is still to come.

“It is of particular concern that the drivers in question were not rogue or unsanctioned – in fact, just the opposite. All the drivers come from trusted third-party vendors, signed by valid Certificate Authorities, and certified by Microsoft. Both Microsoft and the third-party vendors will need to be more vigilant with these types of vulnerabilities going forward,” revealed the researchers.

That’s right, all the drivers were certified by Microsoft, which means that even if you wipe your OS clean right now, you’re still going to install the bad drivers. And there is no way to prevent the operating system from installing a certified driver.

It’s very likely that users are going to receive a wealth of new drivers in the coming weeks and months as the companies fix the vulnerabilities. Until then, we can only hope that only the people at Eclypsium are the ones to find them.