0 is prone to tampering (person-in-the-middle) attack. A remote attacker can start, stop, enable or disable any service and block network access for any process in the OS regardless of their privileges.

Killer Control Center downloads an unsigned configuration file from Killer's web server via plain HTTP. The configuration file contains, amongst other things, definitions of processes' network bandwidth limits and directives for Killer's Boost modes. Network limits make it possible to block a specific process from accessing the network by the process's image name. Boost modes define which services should be on or off when a certain mode is enabled. The lack of a signature on the configuration file makes it possible for a person-in-the-middle to manipulate bandwidth limits and services on the remote computer by adding or modifying entries in the configuration file during the update process.

The update should be triggered by the user via the Killer Control Center UI. Bandwidth limit definitions get applied immediately upon the update, while service definitions, depending on settings, might need Gamefast mode to be enabled from the UI.

Dell, preinstall Killer Control Center on their laptops, which significantly increases the impact of the vulnerability. The vulnerability existed undetected for a few years, I guess starting from 2016. Intel has confirmed and fixed it; CVE-2021-26258 was assigned. In this blog post I cover the details of the vulnerability, provide a PoC and show the video of the attack.

Some time ago I bought a slick and shiny Dell XPS. Many people don't do a fresh install after buying a laptop, and neither did I, because I wanted to research how vulnerable the default software package is. The research revealed a few security issues in the Killer suite.

Originally Killer was developed by Rivet Networks for Killer-branded network cards. The cards and the accompanying application were intended to improve the gaming experience, e.g. to lower ping, which might be critical for gaming. Some time later Rivet and Intel co-operatively released a few gaming-oriented NICs. Finally, in 2020 Intel acquired Rivet Networks, so these days Killer Control Center belongs to Intel.

Killer performance suite provides a few features to shape network traffic. The most fruitful features for us are the Prioritization engine and Gamefast mode. The Prioritization engine allows setting network bandwidth limits for a specific process, say, svchost.exe, while Gamefast manipulates Windows services, e.g. enables and starts RemoteRegistry, once it detects execution of a gaming process.
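
Because the configuration file carries both bandwidth limits and service directives and arrives unauthenticated, a defender can at least audit what an update changed. The following is an added example, not code from this post or from Killer/Intel: it compares a downloaded configuration with the last trusted copy and lists every limit or service directive that was added, changed or removed, and flags a plain-HTTP origin. The JSON layout, field names, URL and sample values are assumptions constructed for illustration; the real file format is not shown on this page.

```python
import json

# Constructed sample data. The JSON layout is hypothetical, not Killer's real format.
TRUSTED = json.loads("""{
  "bandwidth_limits": [{"image": "updater.exe", "kbps": 512}],
  "boost_modes": {"gamefast": {"SysMain": "stop"}}
}""")
FETCHED = json.loads("""{
  "bandwidth_limits": [{"image": "updater.exe", "kbps": 512},
                       {"image": "svchost.exe", "kbps": 0}],
  "boost_modes": {"gamefast": {"SysMain": "stop", "RemoteRegistry": "start"}}
}""")

def flatten(cfg):
    """Map every limit and service directive to a comparable (kind, name) key.
    Names are lower-cased because Windows image and service names are
    case-insensitive, so a case change must not hide a modified entry."""
    out = {}
    for lim in cfg.get("bandwidth_limits", []):
        out[("limit", lim["image"].lower())] = lim["kbps"]
    for mode, services in cfg.get("boost_modes", {}).items():
        for svc, action in services.items():
            out[("service", f"{mode}/{svc}".lower())] = action
    return out

def audit_update(url, trusted, fetched):
    """List what an update changed relative to the last trusted config."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append(("transport", "unauthenticated", url, None))
    old, new = flatten(trusted), flatten(fetched)
    for key in sorted(old.keys() | new.keys()):
        if key not in old:
            findings.append(("added", *key, new[key]))
        elif key not in new:
            findings.append(("removed", *key, old[key]))
        elif old[key] != new[key]:
            findings.append(("changed", *key, new[key]))
    return findings

if __name__ == "__main__":
    # Placeholder URL; .invalid never resolves.
    for finding in audit_update("http://updates.example.invalid/config.json",
                                TRUSTED, FETCHED):
        print(finding)
```

An audit like this only reports drift after the fact; the actual fix for the issue described above is an authenticated transport and a signature check on the file before it is applied.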