Tuesday, October 4

HP Flaw Lets Hackers Hijack Your PC – What To Do

Do you have an HP laptop or desktop? You want to make sure you have the latest software patches from HP.

That’s because there is a serious flaw in older versions of Touchpoint Analytics, also known as HP Device Health Service, a diagnostic program built into most HP PCs running Windows. A user or program with administrative rights could use Touchpoint Analytics to silently and persistently install malware that runs with SYSTEM privileges, and in certain cases a limited user account could do so too.

HP fixed this problem in a new version of Touchpoint Analytics/HP Device Health Service released on October 4, but not all HP users may have received the update yet. Peleg Hadar of security firm SafeBreach published a detailed technical description of the flaw in a blog post today (Oct 10), which we summarize below.

How to make sure you are safe

There are two ways to check and solve this problem: one if you have Windows 10 and one if you don’t. The second method works for Windows 10 too, but it’s a bit more complicated. Both methods require you to log in as an administrator.

If you have Windows 10, right-click the Windows icon at the bottom left of your screen and select Device Manager. Scroll down and expand the Software Components section. Right-click HP Device Health Service and select Properties, then select the Driver tab to see which version of HP Device Health Service you have.

You want the patched version HP released on October 4. If yours is older, run Windows Update to download and install the fixed version.

Click the Windows icon at the bottom left of your screen and select the Settings icon, which looks like a gear. Click Update & Security, then Windows Update if necessary, then click the Check for updates button. Windows will take care of the rest.

If you have an older version of Windows, click the Windows icon at the bottom left of your screen to open the Start menu and select Control Panel. You can also type Control Panel into the search field. Select Programs, then Programs and Features (on some versions this is labelled Uninstall a program). Find HP Touchpoint Analytics Client in the list and note the version number next to it.

Again, you want the patched version HP released on October 4. If yours is older, you will have to update it. Unfortunately, Windows Update won’t do this for you on versions prior to Windows 10, so you have to use another tool.

Click the Windows icon again, type Administrative Tools, and open it. In the Administrative Tools window, double-click Task Scheduler. Find the TechPulse Updater task, right-click it and select Run. It will fetch the current client from HP; check the version again once it has finished.
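The same check, scripted. This is an added example and not code from HP, SafeBreach or the article; it reads the version from the same Uninstall registry keys that Programs and Features displays, cross-checks the file version of the running service binary, and runs the TechPulse Updater task if the installed version is too old. The value of $FixedVersion is an assumption: the article does not carry the version number, so fill it in from HP’s advisory. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not HP's, SafeBreach's or the article's code).
# Checks the installed HP Touchpoint Analytics / HP Device Health Service
# version and triggers the TechPulse Updater task if it is below $FixedVersion.
#Requires -RunAsAdministrator
param(
    # ASSUMPTION: placeholder. Replace with the patched version from HP's advisory.
    [version]$FixedVersion = [version]'0.0.0.0'
)

# The Uninstall keys are what Control Panel / "Programs and Features" reads.
# Check both the 64-bit and the 32-bit (WOW6432Node) views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'HP Touchpoint Analytics*' -or
                   $_.DisplayName -like 'HP Device Health*' }

if (-not $products) {
    Write-Host 'HP Touchpoint Analytics / HP Device Health Service is not installed.'
    return
}

$needsUpdate = $false
foreach ($p in $products) {
    try   { $installed = [version]$p.DisplayVersion }
    catch { Write-Host "Cannot parse version '$($p.DisplayVersion)' for $($p.DisplayName)"; continue }
    $status = if ($installed -ge $FixedVersion) { 'OK' } else { 'VULNERABLE' }
    Write-Host ('{0,-40} {1,-14} {2}' -f $p.DisplayName, $installed, $status)
    if ($installed -lt $FixedVersion) { $needsUpdate = $true }
}

# Cross-check the binary itself: the service executable's file version should agree
# with what the registry says. Match on display name rather than a hard-coded
# service name so the script does not depend on HP's internal naming.
Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like '*Touchpoint*' -or $_.DisplayName -like '*Device Health*' } |
    ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the executable path.
        $exe = ($_.PathName -replace '^"([^"]+)".*$', '$1') -replace '\s+-.*$', ''
        $fv  = (Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue).VersionInfo.FileVersion
        Write-Host ('service {0}: {1} (file version {2}, state {3})' -f $_.Name, $exe, $fv, $_.State)
    }

if ($needsUpdate) {
    # Same thing the Task Scheduler step above does by hand.
    $task = Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object TaskName -like '*TechPulse Updater*'
    if ($task) {
        $task | Start-ScheduledTask
        Write-Host 'Started the TechPulse Updater task; re-run this script after it finishes.'
    } else {
        Write-Host 'TechPulse Updater task not found; run Windows Update instead.'
    }
}
```

If the registry version and the file version of the running service disagree, the update has probably been downloaded but the service has not been restarted yet; reboot and check again.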

Where it goes wrong

The problem arises because Touchpoint Analytics / HP Device Health Service uses an open-source component called Open Hardware Monitor to read low-level parts of a PC, such as physical memory and hidden disk partitions. (Open Hardware Monitor is freely available on its own and is widely used as a stand-alone utility.)

Open Hardware Monitor loads certain code libraries, called dynamic-link libraries or DLLs, by bare file name rather than by full path, and it does not verify the contents of those DLLs (for example, by checking that they carry a valid digital signature). That is tolerable for a general-purpose desktop utility running as an ordinary user, but when the same code is reused inside a highly privileged system diagnostic service, bad things can happen.

When Touchpoint Analytics starts, it looks for DLLs belonging to many possible types of hardware a PC might have, including third-party video cards from AMD / ATI and Nvidia. It searches a series of likely directories, or file paths, for these DLLs.

Several of those file paths come from a system-wide “environment variable” called PATH, which tells Touchpoint Analytics (and many other Windows applications) where to look for DLLs and other executable files. Windows consults the application’s own directory and the system directories first; the PATH directories are searched last, in order, and only if the DLL has not already been found.

But if a computer doesn’t have a third-party video card, the genuine DLLs won’t exist anywhere, so the search falls all the way through to the PATH directories. Researchers at SafeBreach found that they could create rogue DLLs with the same names as the AMD / ATI and Nvidia libraries, add a directory they controlled to the system-wide PATH environment variable, place the rogue DLLs there, and have Touchpoint Analytics find and load the rogue DLLs instead.

This technique is known as DLL hijacking (also called DLL search-order hijacking or DLL preloading). It is distinct from DLL injection, which forces a foreign library into a process that is already running, but both cause a program to execute code it shouldn’t. PC gamers sometimes use DLL injection to cheat in games, and malicious hackers use both techniques to make a trusted program run their code. (Equivalent library-hijacking weaknesses exist on Mac and Unix / Linux systems, not just Windows.)

Because Touchpoint Analytics runs as a service with SYSTEM privileges, it can do anything on a Windows machine, which means that any malware it loads via a hijacked DLL can do anything too.

So why do we care?

The catch is that on a standard HP Windows machine with the default PATH variable, none of this is possible unless you already have administrative privileges, because the default PATH directories can only be written to by administrators. And if you already have administrative privileges, you can install malware anyway. So you may be wondering what the fuss is about.

Responding to a question from Laptop, Hadar said that the extent of the vulnerability “depends on the PATH environment variable of the victim’s operating system.”

In other words, if a machine’s PATH has been modified to include a directory that ordinary users can write to (as happens when some software installers add their own folders to PATH), then Touchpoint Analytics, or any other program that embeds Open Hardware Monitor, could load malicious DLLs from that non-system directory. That would allow a user with limited privileges, or malware run by a limited user account, to get a malicious DLL loaded with SYSTEM privileges.
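The two ideas above, the DLL search order and the question of which PATH directories a limited user can write to, can be checked on a real machine. The script below is an added example, not SafeBreach’s or HP’s code: for each DLL name a service probes by bare file name it walks Windows’ default search order and reports where the name would resolve; if it resolves nowhere it names the first directory on the search order that non-administrators can write to, which is exactly where a planted DLL would be picked up. It then lists every machine-wide PATH entry that is writable by low-privileged identities. The directory in $AppDir and the DLL names in $DllNames are hypothetical placeholders; the article does not give the real ones.

```powershell
# Added example (not SafeBreach's, HP's or the article's code).
# Walks the default DLL search order for bare-name DLL loads and audits PATH
# directories for write access by non-administrators.
param(
    # ASSUMPTION: placeholder application directory of the service being examined.
    [string]$AppDir = "$env:ProgramFiles\HP\HP Touchpoint Analytics Client",
    # ASSUMPTION: placeholder DLL names; substitute the names from the vendor write-up.
    [string[]]$DllNames = @('example-vendor-gpu.dll')
)

$sys = $env:SystemRoot
$pathEntries = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_.Trim() -ne '' }

# Default (SafeDllSearchMode) order: application directory, System32, System,
# Windows, current directory, then each PATH entry in order. For a service the
# current directory is normally System32, so it adds nothing here.
$searchOrder = @($AppDir, "$sys\System32", "$sys\System", $sys, "$sys\System32") + $pathEntries

# Identities whose write access would let a limited user plant a file.
$lowPrivIdentities = @('Everyone', 'BUILTIN\Users',
                       'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# CreateFiles/WriteData (0x2) plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000),
# which show up un-mapped in some ACEs. Modify and FullControl both include 0x2.
$writeMask = 0x2 -bor 0x40000000 -bor 0x10000000

function Test-LowPrivWritable {
    param([string]$Dir)
    # $null means the directory does not exist; a missing PATH entry whose parent
    # is writable is just as useful to an attacker, who can simply create it.
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return $null }
    $acl = Get-Acl -LiteralPath $Dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPrivIdentities -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { return $true }
    }
    return $false
}

foreach ($dll in $DllNames) {
    $hit = $searchOrder | Where-Object { Test-Path -LiteralPath (Join-Path $_ $dll) } |
        Select-Object -First 1
    if ($hit) {
        Write-Host "$dll -> resolves from $hit"
        continue
    }
    # Not found anywhere: the first low-priv-writable directory on the search
    # order is where a planted copy would be loaded from.
    $plant = $searchOrder | Where-Object { (Test-LowPrivWritable $_) -eq $true } |
        Select-Object -First 1
    if ($plant) { Write-Host "$dll -> NOT FOUND; hijackable via writable directory $plant" }
    else        { Write-Host "$dll -> NOT FOUND; no low-priv-writable directory on the search order" }
}

Write-Host "`nMachine-wide PATH entries:"
foreach ($dir in $pathEntries) {
    $w = Test-LowPrivWritable $dir
    if ($w -eq $true)      { Write-Host "  WRITABLE  $dir" }
    elseif ($w -eq $false) { Write-Host "  ok        $dir" }
    else                   { Write-Host "  missing   $dir" }
}
```

On a clean Windows install every PATH entry should report “ok”; any “WRITABLE” line (or a “missing” entry whose parent directory is writable) is a place where the scenario the article describes becomes reachable from a limited account, for this service or for any other privileged program that loads DLLs by bare name. The ACL test is deliberately conservative: it looks only at Allow entries for well-known low-privilege groups and ignores Deny entries and inherited-group membership, so a manual check with icacls is still worth doing on anything it flags.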

“We have seen some cases where this vulnerability was exploited by a user who was not an administrator, because a particular folder on the PATH was not administrator-only,” Hadar told us.

Hadar and SafeBreach found a very similar flaw in Dell machines earlier this year, likewise caused by a privileged diagnostic service loading third-party code.

