Nvidia hackers release code-signing certificates that malware can abuse

The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company’s old code-signing certificates. Researchers warn the certificates could be used to sign kernel-level malware and load it on systems that have driver signature verification.

The certificates were part of a large cache of files that hackers claim totals 1TB and includes source code and API documentation for GPU drivers. Nvidia confirmed it was the target of an intrusion and that the hackers took “employee passwords and some Nvidia proprietary information,” but did not confirm the size of the data breach.

What happened with the Nvidia data breach?

On February 24 an extortion group calling itself LAPSUS$ claimed publicly that it had administrative access to multiple Nvidia systems for around a week and managed to exfiltrate 1TB of data including hardware schematics, driver source code, firmware, documentation, private tools and SDKs, and “everything about Falcon” — a hardware security technology embedded in Nvidia GPUs that’s meant to prevent those GPUs from being mis-programmed.

While Nvidia hasn’t released details about what was stolen beyond confirming a cyber attack resulting in breached data, LAPSUS$ followed up with the release of 20GB of data from the alleged cache as proof. 

The group also said it has information on Nvidia LHR (Lite Hash Rate), a technology that the company introduced on its RTX 30-series GPUs to allow them to detect when they’re being used for mining Ethereum cryptocurrency and lower their performance. 

The goal of this technology was to make high-performance Nvidia GPUs less appealing to cryptocurrency miners after these GPUs became almost impossible to obtain for regular gamers due to constant stock shortages.

To prove that they have the information, LAPSUS$ even released a tool the group claims allows users to bypass the LHR limitation without re-flashing the GPU firmware. 

Then the group changed its demands and asked the company to completely open source its GPU drivers on all systems, including Linux, where the lack of an open-source Nvidia driver has been a contentious point in the community for many years and is seen as one of the reasons why game development studios have not embraced Linux as a platform.

Why are code-signing certificates important?

Code-signing certificates are certificates that chain back to Microsoft certificates included in Windows. Running applications that are not signed is possible on Windows, but they trigger more visible security alerts than running applications signed by a trusted developer.
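
To act on the risk described above, a defender can inventory the driver files on a host and flag any whose signer certificate should no longer be trusted. The PowerShell below is an added example, not code from the article or from Nvidia; the thumbprint is a placeholder to replace with the value from a vendor advisory, and the search paths are assumed to be the standard Windows driver locations.

```powershell
# Added example: list driver files signed by a certificate you no longer trust.
# The thumbprint is a PLACEHOLDER, not a value from the article.
param(
    [string[]]$UntrustedThumbprints = @('<THUMBPRINT-FROM-VENDOR-ADVISORY>'),
    [string[]]$SearchRoots = @(
        "$env:SystemRoot\System32\drivers",
        "$env:SystemRoot\System32\DriverStore\FileRepository"
    )
)

# Normalise pasted thumbprints (strip whitespace, upper-case) so they compare cleanly.
$wanted = $UntrustedThumbprints |
    ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() }

$hits = foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.sys' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Reports the primary signature only; a secondary (nested)
            # signature on a dual-signed file is not inspected here.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            if ($null -eq $cert) { return }   # unsigned file: nothing to compare

            if ($wanted -contains $cert.Thumbprint.ToUpperInvariant()) {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Status     = $sig.Status          # Valid, NotTrusted, HashMismatch, ...
                    Subject    = $cert.Subject
                    Serial     = $cert.SerialNumber
                    NotAfter   = $cert.NotAfter       # certificate expiry date
                    Thumbprint = $cert.Thumbprint
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

if ($hits) {
    # Each hit needs triage: compare the file hash against the vendor's known-good releases.
    $hits | Sort-Object Path | Format-List
} else {
    Write-Output 'No driver files signed by the listed certificates were found.'
}
```

A match is not proof of compromise, because legitimate older drivers carry the same signer; the hash and file path are what separate a vendor release from something that merely borrows the signature.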
