Players rave and rant about the wonders of kernel level anti cheats, and how games like Valorant barely have any cheaters compared VAC secured Counter Strike...
You’re missing the point of what he is saying. The anti-cheat itself runs in a level with extreme access to anything on your computer. The anti-cheat is like almost all software almost certainly exploitable. You are trusting that no one will ever crack Vanguard in a way that exposes your user data, and that Riot will never change it to collect more than you think they are.
You’re 100% right. Not only can they steal data, but they could use kernel level access to make your hardware misbehave, perhaps even to the point of damage. They could probably trash a hard disk or GPU for instance. It also gives them a locally controlled device on whatever network you’re on. From there they can weaponise their new access to attack other devices on the network, or cause the network itself to fail.
It just goes to show how dangerous this is, that even a programmer and security enthusiast like myself forgets to mention a huge chunk of the possible damages.
It’s a driver.
Here the attacker installed the driver after gaining remote access.
So it’s not actually anything to do with having the game installed.
But it’s still a massive problem.
You’re missing the point of what he is saying. The anti-cheat itself runs in a level with extreme access to anything on your computer. The anti-cheat is like almost all software almost certainly exploitable. You are trusting that no one will ever crack Vanguard in a way that exposes your user data, and that Riot will never change it to collect more than you think they are.
Not even about user data, this is just the side dish. You have complete control over the system and spy on, and probably even can do, whatever
You’re 100% right. Not only can they steal data, but they could use kernel level access to make your hardware misbehave, perhaps even to the point of damage. They could probably trash a hard disk or GPU for instance. It also gives them a locally controlled device on whatever network you’re on. From there they can weaponise their new access to attack other devices on the network, or cause the network itself to fail.
It just goes to show how dangerous this is, that even a programmer and security enthusiast like myself forgets to mention a huge chunk of the possible damages.