Today's article is going to focus on the new update from Steam, a platform for PC gaming. They recently announced that from this moment forward, game developers are REQUIRED to disclose whether or not their game REQUIRES kernel level Anti-Cheat software. This is critical from both a competitive gaming standpoint, as well as a security standpoint.
This article was inspired by Stacey Lokey-Day, who brought up the matter in her latest video that just dropped today! I'll leave a comment for it in the comment section below! The goal for today's article is to explain WHY they now require game developers to disclose this information, as well as the overall dangers of allowing ANY form of software to have said level of access to your system. It's not talked about often enough, but the level of access you give applications on your system can be something threat actors take advantage of to compromise a system. I'm also going to dive into what a Kernel is so that you can easily follow along and UNDERSTAND why they're now implementing this!
I'll be discussing the following topics in order: The Kernel, Kernel Level Access, and What Does This Have to do with CrowdStrike?
You hear this term thrown around a lot, but not many really dive into the specifics of what a kernel is.
A Kernel is the core makeup of an Operating System: it dictates any and all hardware/software calls on the system, allowing them to communicate with one another.
For example, when you enter a keystroke on your keyboard, there are virtual key functions programmed at the lowest level of the system that read your input (the binary data), which is then converted to output (the text that you see on the screen). Keyboard injections, for example, manipulate the virtual keys of the system in order to have it execute tasks for rubber ducky exploits. Even stuff like hitting the power button or pressing the eject button on the CD tray, EVERYTHING, is a part of the kernel and is a function call that belongs to the original programming of the OS.
Another example, although this is not considered a kernel, would be an API, which is a program that is designed to automate a specific task: ChatGPT API, Windows API, etc. You can write code that controls the API, which, depending on the API itself (the Windows one, for example), would allow you to control not only the core functions of the software it was designed for, BUT the kernel of the system itself!
Another way to think of a kernel would be all the function calls that exist in a program you wrote, which are callable at any time during execution of the program. Does that make sense?
Now that you know what a kernel is, let's dive into what Kernel access is and what it means when you give a program access to that level of privilege on your system.
Kernel level access is just that: the highest level of privilege you can achieve on a system. Everything I just mentioned about kernels applies here: when you give a program access to it, should threat actors compromise anything on your system that has that level of access, they can do whatever they want with your system. It can even allow seamless backdoor access for hackers if they wanted to install one on your system.
CrowdStrike was a PERFECT example of WHY you shouldn't allow kernel level access, which is WHY Stacey brought it up in her video!
Because CrowdStrike allowed Kernel level access, any software failure could lead to hardware/software crashes, which is what happened: it caused widespread blue screens of death that LITERALLY shut down 8.5 million systems, DOSing many as well as causing issues with any data mirroring that might have been in place, and a lot more. For medical systems, if any of them were tied to life support, this would mean the death of many that were put on it.
The level of access you give an application to a system DOES matter and could be the very thing that causes a security breach!
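To see which software already has this level of access on a Windows machine, you can inventory the installed kernel-mode drivers and check who signed them. The script below is an added example, not part of the original article; the function name Get-ThirdPartyKernelDriver is hypothetical, and treating a signer subject containing "O=Microsoft" as first-party is a simplifying assumption.

```powershell
# Added example: list kernel-mode drivers that are NOT signed by Microsoft,
# i.e. third-party code (anti-cheat, security agents, etc.) running in the kernel.
function Get-ThirdPartyKernelDriver {
    [CmdletBinding()]
    param(
        # Stopped drivers are still installed and can be started later.
        [switch]$IncludeStopped
    )

    # Both service types execute in kernel mode.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.ServiceType -in 'Kernel Driver', 'File System Driver' }
    if (-not $IncludeStopped) {
        $drivers = $drivers | Where-Object { $_.State -eq 'Running' }
    }

    foreach ($d in $drivers) {
        if (-not $d.PathName) { continue }
        # PathName may be in NT form (\??\C:\... or \SystemRoot\...); normalise it.
        $path = $d.PathName.Trim('"') -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # Assumption: a signer subject containing "O=Microsoft" is first-party.
        if ($subject -match 'O=Microsoft') { continue }

        [pscustomobject]@{
            Name      = $d.Name
            State     = $d.State
            StartMode = $d.StartMode   # Boot/System/Auto load without user action
            Signature = $sig.Status    # anything other than Valid deserves a look
            Signer    = $subject
            Path      = $path
        }
    }
}

Get-ThirdPartyKernelDriver -IncludeStopped | Sort-Object Name | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt before and after installing a game to see whether its anti-cheat added a driver, and whether that driver is set to load at boot rather than only while the game runs.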
If you enjoyed this post give it a thumbs up! I'll be keeping track of who's reacting from now on as there is a "special" reason for it. Just know the more you support my content the more there is in store!
- The Hacker Who Laughs