Date: 2022-03-14

NVIDIA is in the eye of the storm once again. This time the reason is neither the component shortage nor the price, excessive in many cases, of the American company's graphics cards. In this case, we are talking about a hacker attack on its own servers that has resulted in the massive theft of nearly 1TB of information, future strategies and, worst of all, important data.

This news adds to the already huge list of DDoS attacks that important technology companies have suffered in recent years. However, this data theft, which we already reported at the end of last February, hides several dangerous details. The theft of two code-signing certificates has already produced a first move from these hackers: the mass distribution of graphics card drivers from the American firm that contained malware capable of infecting the entire system. But how does this affect us as users? The answer is simple: our security has also been compromised.

A code-signing certificate is a mechanism used by development teams to digitally sign files and drivers, also called controllers, that can be executed on our system. That is, by having access to these certificates, specifically two dated 2014 and 2018, the hackers could sign a virus, spyware, ransomware, or adware with them and our PC would detect it as valid. It is a kind of Trojan horse (actually all viruses are) where our Windows system can't detect the malware when parsing the file, and it wreaks havoc on our device.

The problem is that these two certificates, despite having years behind them and, according to Microsoft, being already "expired", can benefit from a core functionality of Windows operating systems: their compatibility. While many certificates today are validated by Windows Hardware Quality Labs (WHQL), the operating system often makes exceptions and installs certain software even if the certificate has expired.

As part of the #NvidiaLeaks, two code signing certificates have been compromised. Although they have expired, Windows still allows them to be used for driver signing purposes. See the talk I gave at BH/DC for more context on leaked certificates: https://t.co/UWu3AzHc66 pic.twitter.com/gCrol0BxHd – Bill Demirkapi (@BillDemirkapi) March 3, 2022

The strength of Windows is backwards compatibility

But why is this dangerous? Let's put ourselves in a situation: if we run software, regardless of what it is, on our hard drive, the operating system automatically decrypts the program's signature and compares it with the "root" certificate of the system. If a program includes a signature validated at some point by Microsoft itself, as may happen in this case, it is still trusted even if the certificate has expired. This "blind eye" of the operating system can be used to the hackers' own benefit, by introducing different viruses signed as a verified program.

The strength of Windows is compatibility with previous versions, so this is a huge headache for the American company. Right now, Microsoft faces a difficult situation. If it makes expired certificates untrusted, a lot of old software will stop working or cause worrying errors and instability when starting up in our operating system.
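
As an added example (not part of the original article), this PowerShell audit lists installed drivers that Windows reports as signed even though the signer certificate is past its expiry date, which is the condition described above. The driver directory, the `NVIDIA` subject filter and the thumbprint watch list are assumptions; the thumbprint is a placeholder because the article does not give one.

```powershell
# Added example: inventory drivers whose signer certificate has expired
# or whose signer thumbprint is on a watch list taken from a vendor advisory.
param(
    [string]$DriverDir     = "$env:SystemRoot\System32\drivers",  # assumed scope
    [string]$SubjectFilter = 'NVIDIA',                            # assumed filter
    # Placeholder only: the article gives no thumbprints.
    [string[]]$WatchThumbprints = @('<THUMBPRINT-FROM-ADVISORY>')
)

$now = Get-Date

Get-ChildItem -Path $DriverDir -Filter '*.sys' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }                      # no signature found
        if ($cert.Subject -notlike "*$SubjectFilter*") { return }

        [pscustomobject]@{
            File          = $_.Name
            Status        = $sig.Status        # 'Valid' means Windows accepts it
            NotAfter      = $cert.NotAfter     # end of the certificate's validity
            SignerExpired = $cert.NotAfter -lt $now
            Timestamped   = $null -ne $sig.TimeStamperCertificate
            Thumbprint    = $cert.Thumbprint
            OnWatchList   = $WatchThumbprints -contains $cert.Thumbprint
            LastWriteTime = $_.LastWriteTime
        }
    } |
    Where-Object { $_.SignerExpired -or $_.OnWatchList } |
    Sort-Object OnWatchList, LastWriteTime -Descending |
    Format-Table -AutoSize -Wrap
```

Legitimate older drivers will also appear with `SignerExpired` set, which is the compatibility behaviour the article describes, so the rows worth a closer look are watch-list hits and files written recently.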





What can we as users do to avoid problems in the future? In this case, and as a more feasible alternative than going back to the stone age (a radical way of describing the only way to avoid computer attacks and the viruses that surround us every day), being cautious is the most important thing. Right now, the problem is focused on fake drivers that can enter our system and on potentially dangerous programs.

To keep good control of the drivers that we install on our system, we have to go exclusively to the download client of our graphics card, that is, GeForce Experience in the case of NVIDIA or AMD Radeon Software in the case of AMD. If you have a new device and have neither download client installed, the most efficient option is to obtain it from the NVIDIA or AMD websites, to know for sure what type of software we are introducing into the PC.

Finally, when installing a program, you should always do it from the official pages of the software in question. Third-party portals or P2P links (essentially those shared by torrent) are currently a battlefield where viruses roam freely. The situation is not critical, nor is it catastrophic. Microsoft may still blacklist all those certificates in the future and use only the certificates offered by the WHQL quality and control system, but remember the saying "prevention is better than cure".