Breaking story, more to come.
P.S. Hm, I remember saying recently that the SaviTech USB audio drivers were the worst drivers I'd ever used.
P.P.S. I remember several years ago arguing with a manufacturer about the negatives to using custom drivers rather than USB Class 2 drivers built into the operating system. Looks like another vote for native OS drivers.
Thanks to Twitter user John Doyle for notifying me about this one.
Savitech Audio Drivers Caught Installing Root Certificate
"Savitech drivers used by several companies that provide specialized audio products expose computers to hacker attacks by installing a new root certificate into the Trusted Root Certification Authorities store in Windows.
The USB audio drivers from Savitech, a company that offers application-specific integrated circuits for audio and video solutions, are used by several vendors. The CERT Coordination Center lists products from Accuphase, AsusTek, Audio-Technica, Creek Audio, EMC, FiiO Electronics, HiFime, Intos, JDS Labs, McIntosh Laboratory, ShenZhen YuLong Audio, Stoner Acoustics, Sybasonic, and TeraDak Audio as possibly being affected."
Here's the complete story from Eduard Kovacs at Security Week > LINK