Slashdot Mirror

← Back to Stories (view on slashdot.org)

LG Split Screen Software Compromises System Security

Posted by Soulskill on from the low-grade dept.

jones_supa writes: The Korean electronics company LG ships a split screen tool with their ultra wide displays. It allows users to slice the Windows desktop into multiple segments. However, installing the software seriously compromises security of the particular workstation. The developers required administrator access for the software, but apparently they hacked their way out. The installer silently disables User Account Control, and enables a policy to start all applications as Administrator. In the article there is also a video presentation of the setup procedure. It is safe to say that no one should be running this software in its current form.

4 of 187 comments (clear)

  1. Re:Chinese or Indian Devs? by MichaelSmith · · Score: 1, Interesting

    Korean more likely. Software architectures of theirs I have seen are a mess of hacks and patches.

    --
    http://michaelsmith.id.au
  2. Re: Reminds me of Sony's rootkit by Anonymous Coward · · Score: 2, Interesting

    The same CxO that says "hmmmm... I'm gonna leave this company in a vulnerable position, but I will make my bonus!"

  3. Re:For when you're too cheap to buy two monitors! by epyT-R · · Score: 1, Interesting

    Those who've actually done it know that it's actually more productive than multiple displays because of less eye panning. You can see more in less space. I had a high res 21" crt which, with the software back then, was far more productive for me than having two of today's 1080p monitors and the modern software UI designs he talks about.

  4. They didn't have to by kilogram · · Score: 3, Interesting

    There are ways to work around UAC without disabling it in this case. I know, because I wrote MaxTo, which does much the same things, and works with software running under UAC.

    If you want MaxTo to work with UAC, you'll need to run MaxTo elevated. If you say deny elevation, it simply won't work with elevated software.

    I'm pretty sure LG just took the "easy way" out (or they may have nefarious purposes, but I won't speculate), instead of figuring out how to communicate between elevated and non-elevated processes.

    To do this sort of thing, you'll need to divide your software into a few parts. First and foremost, you'll need to install a global system hook. That hook has to be written in unmanaged code (meaning C/C++). You'll need software that controls the hook (but it can be written in a managed language). Now, both the controlling software and the hook has to be compiled as both x64 and x86 code. They will probably also have to communicate with eachother across the x86/x64 platform boundary.

    Now, to get the software to communicate (using window messages) across the UAC boundary, you have to specifically let Windows know which window messages your app will accept from the other side. This is probably the step they missed. You do this by using ChangeWindowMessageFilter or ChangeWindowMessageFilterEx .