A critical vulnerability was recently discovered by security research firm SafeBreach, which uses unmonitored privilege escalation in Open Hardware Monitor tool to infect Windows PCs that run software based on it. Among others, one of the most commonly found bundled software that uses the Open Hardware Monitor is HP TouchPoint Analytics — a tool that runs on millions of HP laptops and desktops worldwide, thereby putting the same number of users at risk. The flaw has since been reported to HP, and the company has subsequently issued a patch fixing the said vulnerability.
The reason why this flaw could have been potentially critical is because tools such as HP TouchPoint Analytics are loaded as signed services, and are therefore whitelisted by many anti-malware tools. In this case, the HP TouchPoint Analytics tool had high, root-level system access, and being a whitelisted tool, allowed attackers to escalate the system privilege to gain access to critical parts of the system. Potential use cases for hackers here include data theft, undetected tracking of users and critical surveillance activities, which are further compounded by attackers going undetected because of anti-malware and spyware tools failing to detect it as a breach.
“These types of vulnerabilities are alarming because they indicate the ease with which malicious hackers could mount supply-chain attacks targeting and breaching highly trusted elements of our software ecosystem. This should be a clear signal to security teams that they need to increase their frequency of testing and analysis of their security envelope, in order to match the pace of criminals who are constantly innovating ways to hack into the most vulnerable parts of IT systems,” said Itzik Kotler, co-founder and chief technology officer of SafeBreach.
HP’s laptops and desktop systems run across a wide range of locations, and alongside personal use, are also used in enterprises that deal with potentially sensitive data. This makes the discovery even more sensitive, since through this privilege escalation process, attackers could simply target IT administrator setups, enter specific terminals, install arbitrary and malicious DLL files into the system and gain access to the machines in question, thereby gaining access to high sensitivity data. The flaw has since been patched by HP, although SafeBreach mentions that any other company that uses the Open Hardware Monitor tool is still potentially at risk.
Given that the Open Hardware Monitor tool is an open source utility, many stock software that are whitelisted by anti-malware scanners use it extensively. This brings the total potentially affected count up to tens of millions, further underlining the importance of issuing regular software updates for both companies and IT administrators alike.