Catalin Cimpanu

A team of security researchers has discovered a vulnerability in Echo, an anti-cheat and cheater detection software advertised to gaming companies.

The vulnerability (named EchOh-No) resides in the tool's kernel driver and can be exploited by attackers to gain SYSTEM privileges.

The research team says they tried to disclose the vulnerability to the Echo team, but they were mocked and banned from their Discord channel.

Write-up: ioctl.fail/echo-ac-writeup/

PoC: github.com/kite03/echoac-poc

6 comments
chidi_anagonye

@campuscodi I wish I was surprised. As the years go by, I get more and more disappointed with the computer tech industry in general. Not just for security issues, but that is often the issue. Companies that make security products, from my experience, sometimes have a similar attitude as that chat snippet in the article. Everyone says their stuff is secure, just like everyone is an above average driver.

Rairii

@campuscodi and after this writeup I threw the driver in IDA and found another vuln, to escalate a process to protected process or protected process light

i found the same vulnerability in battleye some time ago, which is why lots of bedaisy.sys got added to MS vulnerable driver blocklist

thread with jokes and discussion about how bad this echoac driver is: haqueers.com/@Rairii/110720082

Tal

@campuscodi Very nice, what an unfortunate, awful response from the developers.

DELETED

@campuscodi I think the response to the bs from the devs and the company was appropriate. 😂😂😂

Tim Panton

@campuscodi @mcfly

‘One thing to note is that the driver does not have a "write" function, but you can simply flip the to and from address parameters to "read" your data buffer into another program just fine.’ Oh good grief.

Chris

@campuscodi I loved passing the blame to Microsoft 🤣
