[Cryptography] Is "drivers for foo" a major malware vector?

Ray Dillinger bear at sonic.net
Sun Apr 17 18:32:56 EDT 2016


I recently went to the Internet to search for a possible
replacement for a device one of whose virtues was that
there has never been any driver requirement whatsoever.
It has a microcontroller with firmware that makes it look
like a bog-standard keyboard from the computer's point
of view.  So of course it works regardless of what OS
you have (regardless, in fact, of whether you have one -
you can use it to interact with the BIOS).

No drivers for this device have EVER been available from
the manufacturer.  The whole job is handled in firmware;
there would be nothing for drivers to do.

Nevertheless, when I searched for a possible replacement,
I came up with hundreds and hundreds of sites that were
offering free downloads of the drivers.

And the same sites come up with offers of free downloads
of software drivers for literally any piece of computer
hardware ever manufactured, by any manufacturer, with a
recognizable model name.

I can imagine absolutely nothing that these downloads could
be other than malware.  And of course if the dupe thinks
that they're drivers, of course they'd be installed with
root privileges.

Seriously?  That many sites?  That blatantly?  That
UNIVERSALLY?  With essentially no *OTHER* responses to
queries about any fairly obscure piece of hardware? And
I've never seen a specific "malware drivers" warning,
over and above the "don't install random downloads"
advice?

				Bear


