dc.description.abstract | A tweet on a newly found vulnerability in the Razer Synapse software in 2021
sparked a discussion on how Windows installs drivers. Additional vulnerabilities
were quickly found in another application, but the findings seemed to stop there.
As a result, it is possible that some vulnerabilities have gone undiscovered, and it is
time to take a second look at how drivers are installed in Windows and the
vulnerabilities this may introduce.
In this thesis, the installation chain of USB drivers is investigated in terms of
vulnerabilities, specifically those introduced by third parties. For example,
companies can provide their own drivers and software that will automatically launch
upon insertion of a USB device. In doing so, they might introduce an attack
vector that can be used to gain additional privileges.
The enumeration framework is developed together with Netsecurity and will be
used to find vulnerabilities in third-party installers. This framework will be run in
their data centre, and findings will be reported to the vendors as soon as they are
verified.
In order to find vulnerabilities, an enumeration framework has been designed and
built. This framework splits the installation process into two sections, where the
first section is automated and the second is manual. Automated enumeration of
USB descriptors is done using QEMU and device emulation in software. An attack
framework outlining the possible vulnerabilities will be used to process the findings
of the automated section. Furthermore, this framework has produced findings
of vulnerable applications. | |