Users login

Create an account »


Users login

Home » Hacking News » Device drivers full of flaws

Device drivers full of flaws

by Nikola Strahija on May 28th, 2005 Security experts warn about poor skills of driver programmers, because of which software that ships with Windows and Linux is full of holes.

Device driver flaws can be more dangerous than other application vulnerabilities because device drivers are mostly part of the kernel itself and subverting the critical software gives an attacker direct access to the kernel. Moreover, drivers that have direct memory access (DMA) - such as USB drivers, CardBus drivers, graphics drivers and sound drivers - could be used to overwrite system memory and exploit the system.

David Maynor, a research engineer for Internet Security Systems' X-Force vulnerability analysis group states: -If you look through the device driver code; there are a lot of problems. The state of the code's security is not strong.’ It took him only a few hours to find more than a dozen glitches in several Windows XP drivers.

Windows is not the only operating system at risk. A survey of the Linux 2.6.9 kernel code performed by automated-code-checking software maker Coverity found that, while the overall quality of the code had increased significantly, more than 50 per cent of flaws appeared in device drivers. Many of those flaws may not affect system security, but the ratio is generally indicative of the quality of the code, said Seth Hallem, CEO of Coverity.

He thinks that the major problem is that the people writing the device drivers are not generally the core programmers. Therefore, even dough Windows and Linux operating systems have both undergone significant audits in the past several years, most of them concerning security issues, many device drivers - especially those created by third-party hardware providers - have escaped rigorous testing.

Microsoft acknowledged the threat but stated that the company's developers had already started checking drivers that have been shipped with Windows for flaws.

As always, there are opposing arguments about this problem. Another security expert says: -If you can crash your kernel with an application that is a kernel flaw. There is a numbers of device drivers in the Linux kernel source tree, many of them are ancient and not kept up to date.’ He does not agree that the quality of programming in device drivers poses any special threat to Linux. Furthermore many device drivers can only be exploited by an attacker that has physical access to a computer, he said. The notable exceptions are networking, wireless and Bluetooth drivers.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »