Vulnerabilities Exposed in Asus and Gigabyte's RGB Managers

Credit: Asus

People love covering their systems with enough pretty lights to make New Year's Eve in Times Square look dim by comparison. Manufacturers then have to give people ways to control those lights, which is why so many have introduced their own RGB lighting management tools. Now a researcher has ruined the festivities by exposing vulnerabilities in drivers installed by Asus Aura Sync and Gigabyte's lighting management tools.

The security flaws in these drivers were discovered by Diego Juarez and disclosed by SecureAuth. They don't appear to reside in the lighting management tools proper; all of them were found in drivers installed by those platforms. The disclosures said the vulnerabilities affect the GLCKIo and Asusgio drivers installed by Asus Aura Sync as well as the GPCIDrv and GDrv drivers bundled with some of Gigabyte's products.

SecureAuth said the vulnerabilities in both companies' drivers can be used by a local attacker to escalate privileges. That essentially means the flaws won't be exploited to compromise a system directly, but if someone's already gained access to a target system, they can use these RGB lighting tools to gain more power over it. It's kind of like finding a key to a safe after breaking in the front door, but with 16.8 million colors.

It's not clear when Juarez shared the vulnerabilities with SecureAuth, but the security firm said it made initial contact with Asus in November 2017 and Gigabyte in April 2018. It then went back and forth with both companies for several months. Asus released several versions of Aura Sync in that time that didn't address the vulnerabilities or only addressed one of them; Gigabyte eventually said its products weren't affected by the flaws.

These are the versions of both companies' utilities confirmed to be affected by the vulnerabilities:

  • ASUS Aura Sync v1.07.22 and previous versions
  • GIGABYTE APP Center v1.05.21 and previous
  • AORUS GRAPHICS ENGINE v1.33 and previous
  • XTREME GAMING ENGINE v1.25 and previous
  • OC GURU II v2.08

SecureAuth noted that other versions could be affected by the vulnerabilities; it simply hasn't checked them. Just don't be surprised if similar vulnerabilities are discovered in other RGB lighting platforms or even these same ones. The more popular these utilities become, the more attractive they are to hackers, and right now the rush to add RGB to all of the things doesn't show any signs of slowing down.