News Malware authors are using stolen Nvidia certificates to make their software seem trustworthy

GodisanAtheist


JoeRambo

Not easy for MS and Nvidia to deal with. They will need a new root certificate, and to release a new version of potentially no longer supported drivers. Only then is blacklisting trust in the old NV cert possible.
Horrible situation for security.
 

Fallen Kell

Well, it comes down to supply chain at this point. You need to now trust the source of where you obtained the drivers (especially older ones that may not get signed under the new certs). This isn't really too big a problem as long as Nvidia maintains their download servers properly. That said, it is a big deal to people who are trying to obtain hacked drivers/firmware in order to unlock additional features or remove artificial degradation such as the controls for limiting crypto mining on recent cards. Anyone who is doing these kinds of activities needs to be highly aware of the issues of more malware/viruses being hidden inside these drivers.
 

sdifox

Well, it comes down to supply chain at this point. You need to now trust the source of where you obtained the drivers (especially older ones that may not get signed under the new certs). This isn't really too big a problem as long as Nvidia maintains their download servers properly. That said, it is a big deal to people who are trying to obtain hacked drivers/firmware in order to unlock additional features or remove artificial degradation such as the controls for limiting crypto mining on recent cards. Anyone who is doing these kinds of activities needs to be highly aware of the issues of more malware/viruses being hidden inside these drivers.

Umm, wouldn't it be more suspicious if a hacked driver is signed?
 

Fallen Kell

Sure, it would be suspicious if the hacked driver is signed. But like I was saying above, the issue isn't really as bad as people are making it out to be. If the people who hacked Nvidia release the private signing keys, it won't be long for Nvidia to revoke those keys. I have to believe that Nvidia has already revoked all user/login credentials that were in use across its entire platform, securing their data, webservers, and fileservers already. This prevents the hackers from being able to sign a hacked driver and upload it to Nvidia's site for download.

This only leaves man-in-the-middle and DNS-poisoning attacks for the hackers to point someone to their hacked drivers. But these types of attacks are becoming harder and harder to do with the adoption of DNSSEC and the widespread use of HTTPS. Which, again, means the only hacked drivers that are signed would be on third-party sites, which should be inherently not trusted by anyone at this point, except for those people who are looking to find a hacked driver to unlock some kind of performance in their card that the official drivers do not support. And in that case, they are the people at risk and should already know that the driver they are grabbing has been modified and is a complete use-at-your-own-risk kind of thing.
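
Added example, not part of any post in this thread and not Nvidia or Microsoft tooling: a PowerShell audit of downloaded driver and installer files that reports who signed each one and flags signers on a local denylist, since a "Valid" signature status alone does not help when the signing certificate itself was stolen. The default folder and the denylist entry are assumptions; the thumbprint is a placeholder to be replaced with values from the vendor's advisory.

```powershell
# Added example: audit Authenticode signers against a thumbprint denylist.
param(
    # Assumption: folder holding the downloaded drivers/installers to check.
    [string]$Path = "$env:USERPROFILE\Downloads",
    # Placeholder only; supply real thumbprints from the vendor's advisory.
    [string[]]$DeniedThumbprints = @('PLACEHOLDER_THUMBPRINT_OF_STOLEN_CERT')
)

# Normalise denylist entries (strip whitespace, upper-case) so that values
# pasted from a certificate dialog still match X509Certificate2.Thumbprint.
$deny = @($DeniedThumbprints | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() })

$results = Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys, *.cat -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # The denylist check comes before the status check on purpose: a file
        # signed with a stolen certificate can still report Status = Valid.
        $verdict = if (-not $cert) { 'UNSIGNED' }
                   elseif ($deny -contains $cert.Thumbprint) { 'DENYLISTED_SIGNER' }
                   elseif ($sig.Status -ne 'Valid') { "INVALID ($($sig.Status))" }
                   else { 'OK' }

        [pscustomobject]@{
            Verdict     = $verdict
            File        = $_.FullName
            Subject     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
            NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }

# Show anything that is not a clean pass first, then the full inventory.
$results | Where-Object Verdict -ne 'OK' | Format-Table -AutoSize -Wrap
$results | Sort-Object Subject, File | Format-Table Verdict, Subject, NotAfter, Timestamped, File -AutoSize
```

The inventory is useful even with an empty denylist: any file claiming a GPU-vendor signer that did not come from the vendor's own download site deserves a second look.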
 
