exile360

Kernel Level DRM driver in new game

It seems some developers never learn, as video game producer Riot Games implements a kernel level driver in their upcoming title Valorant that runs on system boot to attempt to protect their games from cheaters. Similar to the rootkit Sony once installed on customers' PCs to copy protect their audio CDs (references about that may be found here, here and here), this driver will run from Ring 0, which is the most privileged, lowest level a driver or application can run from, giving it much more access to the operating system itself as well as all the applications that run on it, which in turn could present an attack surface for exploits should any vulnerabilities be discovered in the code being used for the driver. That potential for risk is one of the primary reasons Microsoft (as well as Apple, Google and everyone else that publishes operating systems) have been pushing developers to have their applications run strictly in user mode, the least privileged level of access for applications in memory, whenever possible and also why users are encouraged to use limited user accounts (which Microsoft have taken upon themselves to rename to 'standard user accounts', likely in an effort to influence more users to configure their user accounts this way) to help mitigate risk and why technologies like User Account Control were developed in order to isolate and protect access to certain levels of permissions to make infection by malware more difficult for the bad guys.

At this point I am unaware of any known vulnerabilities in the driver being used by Riot Games, however given the choice, I likely won't be purchasing any of their titles which include such drivers as I prize my system's stability and security over such amusements.

You can read Ars Technica's article on the subject here.

Edited by exile360
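
For readers who want to see which third-party kernel-mode drivers their own Windows machine loads at boot, the kind of driver the post above describes, here is an inventory script. It is an added example, not part of the original post or any vendor's tooling; the variable names are illustrative, and it assumes an elevated PowerShell 5.1 or later session.

```powershell
# Added example (not from the original post): list kernel-mode drivers that
# Windows loads at boot or system start, with publisher and signature details.
# Run from an elevated PowerShell prompt.

$earlyStart = 'Boot', 'System'   # StartMode values loaded before user logon

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.ServiceType -eq 'Kernel Driver' -and $_.StartMode -in $earlyStart } |
    ForEach-Object {
        # Normalise NT-style prefixes so the file can be opened by path.
        $path = [string]$_.PathName
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')

        $company = $null; $status = 'FileNotFound'; $signer = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $status  = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Name      = $_.Name
            StartMode = $_.StartMode
            State     = $_.State
            Company   = $company
            Signature = $status
            Signer    = $signer
            Path      = $path
        }
    } |
    # CompanyName is self-declared by the file, so treat it as a hint only.
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object StartMode, Name |
    Format-Table -AutoSize -Wrap
```

Drivers certified through Microsoft's hardware program can show a Microsoft signer even when a third party wrote them, which is why the filter uses the file's company field rather than the certificate subject.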


Because of the existence of Ghidra, it's a lot easier to poke these things for vulnerabilities. Be it somebody just trying to defeat the DRM so that they can play their game in safety, or somebody actually looking to exploit other systems which have that DRM installed.


As such, I feel it is paramount that we start trying to spread as much awareness as we can about the dangers of kernel-level DRM, and pressuring publishers/developers to stop using it. We live in an age where zero-day exploits for even the most secure software are always right around the corner, waiting to strike like some danger noodle.


On the subject of Ring 0 versus Ring 1, the x86 instruction set architecture also has two other rings, which are rarely used except in the case of IBM's OS/2. Because they are so rarely used, AMD got rid of them when creating the x86-64 ISA. Not such a smart move, IMHO.
