Jump to content
Computer Audiophile
  • The Computer Audiophile

    USB Audio Driver Security Risk

    Breaking story, more to come.

     

    P.S. Hm, I remember saying recently that the SaviTech USB audio drivers were the worst drivers I'd ever used.

    P.P.S. I remember several years ago arguing with a manufacturer about the negatives to using custom drivers rather than USB Class 2 drivers built into the operating system. Looks like another vote for native OS drivers. 

     

     

     

     

    Thanks to Twitter user John Doyle for notifying me about this one. 

     

     

     

     

    Savitech Audio Drivers Caught Installing Root Certificate

     

    "Savitech drivers used by several companies that provide specialized audio products expose computers to hacker attacks by installing a new root certificate into the Trusted Root Certification Authorities store in Windows.

     

    The USB audio drivers from Savitech, a company that offers application-specific integrated circuits for audio and video solutions, are used by several vendors. The CERT Coordination Center lists products from Accuphase, AsusTek, Audio-Technica, Creek Audio, EMC, FiiO Electronics, HiFime, Intos, JDS Labs, McIntosh Laboratory, ShenZhen YuLong Audio, Stoner Acoustics, Sybasonic, and TeraDak Audio as possibly being affected."

     

    Here's the complete story from Eduard Kovacs at Security Week > LINK

    Edited by The Computer Audiophile


    User Feedback


    Good thing that the new drivers don't include the certificate.

    Quote

    Users have been advised to manually remove previously installed certificates.

     

    Maybe publicize how to remove the root certificate.

    Share this comment


    Link to comment
    Share on other sites
    14 hours ago, Ralf11 said:

    it's for medicinal use - we put it in the hot springs

     

    I think I need to get Donald Trump on the case, he knows all about The Nuclear...

    Share this comment


    Link to comment
    Share on other sites

    Exactly why home computers should have nothing, ..NOTHING, ..to do with audio, much less audiophilia. 

    get a box as far removed from computer madness as possible.

     

    All in one.  Plug and play.  Stream.  If you can read email and listen to music at the same time, you are wrong.

    Share this comment


    Link to comment
    Share on other sites
    9 hours ago, NOMBEDES said:

    Exactly why home computers should have nothing, ..NOTHING, ..to do with audio, much less audiophilia. 

    get a box as far removed from computer madness as possible.

     

    All in one.  Plug and play.  Stream.  If you can read email and listen to music at the same time, you are wrong.

    I love your certainty :~)

     

    I blame the HiFi companies for every day computers getting popular with audiophiles. We started using them because there was no alternative to purchase. Plus, many of the options available today are so dang expensive. Thus, email, web, and music reside in one :~|

    Share this comment


    Link to comment
    Share on other sites
    2 hours ago, The Computer Audiophile said:

    I love your certainty :~)

     

    I blame the HiFi companies for every day computers getting popular with audiophiles. We started using them because there was no alternative to purchase. Plus, many of the options available today are so dang expensive. Thus, email, web, and music reside in one :~|

     

    I know, I know, I just get so frustrated when stuff doesn’t work. Maybe the internet of things can get my refrigerator to play music with refrigerator reliability.

    Share this comment


    Link to comment
    Share on other sites
    Quote

    I remember several years ago arguing with a manufacturer about the negatives to using custom drivers rather than USB Class 2 drivers built into the operating system. Looks like another vote for native OS drivers.

     

    Just that those drivers for commercial OS like Windows and macOS severely lack in features, like native DSD support and such.

     

    Manufacturers just have to learn how to do their own drivers and do it properly. Software is as much part of the product quality as is the hardware design. They've just been slacking on software front. Some manufacturers have their own drivers and know how to do things, that gives them competitive advantage over some other vendors. Sometimes it is contracted work, sometimes they have in-house developers. Contracting software work is also art of it's own.

     

    From my perspective, it also looks like another vote for open source drivers and platforms like Linux, where the native OS drivers support features like native DSD... ;)

     

     

    P.S. From the story it looks like someone wanted to save a bit of money by not obtaining proper code signing key for Windows. It costs just a bit over 200€/year... Meaning that the installer of the driver probably wasn't signed either. And OS will warn you about that. I would advise to never execute unsigned installers on your computer... You can right-click on the installer, select Properties and then Digital Signatures tab to check who signed the package. If there's no Digital Signatures tab, it is unsigned.

    Share this comment


    Link to comment
    Share on other sites


    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×