Hacker News | perillamint's comments

MS usually doesn't bother with driver audits... They mostly rely on the EV certificate to check that the driver dev is a proper legal entity.

If they audited properly, they should not have let the Asus AuraSync driver get certified in the first place. (It basically opens the PORT instruction to every userland app, unrestricted.)


I think someday, almost all aimbots will be undetectable by anti-cheat systems.

Thanks to the neural network, we have made enormous progress in the computer vision domain. As a byproduct, it invalidates the method we use to separate machines from humans (the image-based CAPTCHAs).

I guess aimbots will switch to CV-based systems to detect enemies rather than dumping game memory to find the enemy's position. This change will force anti-cheat systems to perform an automated Turing test, which is hard. (Telling the bot and human apart only by watching the replay is much more challenging compared to the above CAPTCHA problem. And we are currently losing at the CAPTCHA frontline, too.)


I don't think it will work. Nothing can prohibit users from desoldering the stick and putting a microprocessor with a DAC in place of it.

Actually, those kinds of mods are frequently performed by gamers, because lots of people want to replace the analogue potentiometer with a Hall-effect sensor with a microprocessor, which provides much more durability compared to the Alps potentiometer stick. (And no one likes to play with a drifting DualSense or Joy-Con.)


At the end of the day, as long as there is player input, cheaters can always simulate it/enhance it.

But the deeper your anticheat detection, the higher the friction there is for the cheater.

Having to get extra hardware/modify existing hardware is a huge leap in friction, and probably filters out an overwhelming majority of wannabe cheaters.


It is not important whether Zoom is a Chinese company or not. The problem is, Zoom can't be trusted at all because of their behavior.

They showed us through their actions that they don't take security seriously at all. For example, they opened up lots of holes (local HTTP server to bypass app open dialogue, local privilege escalation via their webcam/mic hack) on the user's system to provide "better" UX. They just cannot be trusted.


The ESP32 can theoretically provide all of the hardware requirements (WLAN monitor mode, BLE), but there is one missing part:

> Triggering macOS/iOS receivers via Bluetooth Low Energy. Apple devices start their AWDL interface and AirDrop server only after receiving a custom advertisement via Bluetooth LE (see USENIX paper for details). This means, that Apple AirDrop receivers may not be discovered even if they are discoverable by everyone.

If someone reverse engineers the BLE advertisement, yes, they can build such hardware.


The reverse engineering was already done and everything is described in our paper (https://www.usenix.org/conference/usenixsecurity19). We just have not implemented it yet.


This has been reversed - see https://hexway.io/blog/apple-bleee/


Thanks, I did not know about this; looks like something fun to play with :)

