One-Click RCE in Asus's Preinstalled Driver Software

https://news.ycombinator.com/rss Hits: 15
Summary

One-Click RCE in ASUS’s Preinstalled Driver Software Introduction This story begins with a conversation about new PC parts. After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that would by default silently install software into my OS in the background. But it could be turned off so I figured I would just do that. Immediately after logging into Windows I was hit with a notification requesting admin permissions to complete the installation of ASUS DriverHub, because I forgot to change the BIOS option. Since I needed to get a WiFi driver for the motherboard anyway, I got curious and installed it. I don’t have a screenshot of DriverHub but it showed a popup exactly like this in the bottom-right of my screen DriverHub DriverHub is an interesting piece of driver software because it doesn’t have any GUI. Instead it’s just a background process that communicates with the website driverhub.asus.com and tells you what drivers to install for your system and which ones need updating. Naturally I wanted to know more about how this website knew what drivers my system needed and how it was installing them, so I cracked open the Firefox network tab. As I expected, the website uses RPC to talk to the background process running on my system. This is where the background process hosts an HTTP or Websocket service locally which a website or service can connect to by sending an API request to 127.0.0.1 on a predefined port, in this case 53000. Right about now my elite hacker senses started tingling. This is a very sketchy way to design driver management software. If the RPC isn’t properly secured, it could be weaponized by an attacker to install malicious applications. Finding the Vulnerability The next step was to see if I could call the RPC from any website, this was replicated by copying the request from my browser as a curl command and pasting it into my terminal. After fiddling with variations of the comm...

First seen: 2025-05-11 08:22

Last seen: 2025-05-12 03:24

Read Full Article More from this Source
Related News
Synder (YC S21) Is Hiring
2025-05-11 · 11 hits
Avoiding AI is hard – but our freedom to opt out must be protected
2025-05-12 · 4 hits
Ink and Algorithms: Techniques, tools and the craft of pen plotting
2025-05-11 · 9 hits
Scraperr – A Self Hosted Webscraper
2025-05-11 · 9 hits
An online exhibition of pretty software bugs
2025-05-11 · 9 hits