Sensor drivers, in general, do not have any access to memory that they did not own before being registered. For example, if a sensor registers a buffer that was copied from user memory, the sensor driver is the only one that could have done that. This could lead to a sensor driver reading from or writing to kernel memory that it does not own. This out of bounds read or write can result in a local denial of service in the sensor driver. Sensor drivers are not subject to the same code review standards as other code. One reason for this is that sensor drivers are often developed by networking and other non-kernel developers. Another reason is that sensor drivers are often developed by non-programmers. Sensor drivers are often developed by vendors and sensor hardware companies. Vendors and sensor hardware companies often do not follow the same coding standards as other developers. Vendors and sensor hardware companies often do not follow the same security standards as other developers. This means that the same code review standards and security standards that are normally used for other code might not be used for sensor drivers.

How do I know if my sensor driver is vulnerable?

It is hard to determine if a sensor driver is vulnerable. Sensor drivers often have more than one register that can be used for reading and writing data. This means that there are many ways for the sensor driver to be vulnerable.

If you are using USB and your application has not been approved, but the device you connected has been approved, then it's possible that you have a malicious or compromised sensor driver installed on your machine.
Sensor drivers can read from or write to kernel memory without due consideration of who owns that memory space. This results in denial of service vulnerabilities in these drivers which can lead to local code execution. This code execution would allow an attacker to gain control over the machine.

References

1. https://www.us-cert.gov/ncas/tips/ST04-018
2. https://deptofhacking.org/2016/09/06/using-the-kernel-to-attack-userspace
3. http://www.pcworld.com/article/3218295/software-programming-security/austrian-hackers-use-kernel-to attack userspace

What's a good sensor driver?

A good sensor driver protects against buffer overflows. A good sensor driver has code review and security standards at a level that is comparable to other drivers.

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/17/2022 20:45:00 UTC

References