- Jan 6, 2017
- 835
Report shows why using a quality antivirus is vital.
The past year has seen hacking events and accusations of unheard of proportions, everything from possible interference in foreign elections to hacking the CIA. It was a year in which Kaspersky Lab came under a lot of attack, even to the point of being banned from more than one government’s computers due to ties to the Kremlin and aiding in spying.
While those accusations are plausible but still not entirely proven, a new report from the New York Times outlines exactly the software we think is protecting us from malicious outsiders may actually be opening the door. It’s also something, as the report indicates, that can be done with or without help from the software developer; all it takes is a hacker gaining access inside the developer’s network to step right over to your computer.
NYTimes report shows how AV software can be turned into spyware.
Former hacker
One former hacker turned security analyst demonstrated how it’s done. The researcher states he was less interested in who was behind the current allegations, and more simply, could it actually be done. Could AV software be manipulated in such a way that it would be “triggered” by keywords in classified documents, then latch onto those documents in much the same way that it seeks out and removes viruses and malware.
The answer appears to be yes. As Digita Security’s chief research officer Patrick Wardle demonstrated for the article, key phrases could be programmed into Kaspersky products–and presumably other titles, although Kaspersky AV products are at the heart of the allegations–in the same way that malicious code is sought.
Ultimate tool?
According to the Times, AV software could be the “ultimate” tool for cybercriminals.The very function of anti-virus software is to allow the developer to seek out items from customers’ computers and then upload it to their servers for further inspection. It’s literally how signatures for new threats are discovered, and without that process, eliminating a new virus from one customer’s computer won’t protect any other customers. But once the information is uploaded to the AV company’s servers, that’s when hackers can help themselves.
The past year has seen hacking events and accusations of unheard of proportions, everything from possible interference in foreign elections to hacking the CIA. It was a year in which Kaspersky Lab came under a lot of attack, even to the point of being banned from more than one government’s computers due to ties to the Kremlin and aiding in spying.
While those accusations are plausible but still not entirely proven, a new report from the New York Times outlines exactly the software we think is protecting us from malicious outsiders may actually be opening the door. It’s also something, as the report indicates, that can be done with or without help from the software developer; all it takes is a hacker gaining access inside the developer’s network to step right over to your computer.
NYTimes report shows how AV software can be turned into spyware.
Former hacker
One former hacker turned security analyst demonstrated how it’s done. The researcher states he was less interested in who was behind the current allegations, and more simply, could it actually be done. Could AV software be manipulated in such a way that it would be “triggered” by keywords in classified documents, then latch onto those documents in much the same way that it seeks out and removes viruses and malware.
The answer appears to be yes. As Digita Security’s chief research officer Patrick Wardle demonstrated for the article, key phrases could be programmed into Kaspersky products–and presumably other titles, although Kaspersky AV products are at the heart of the allegations–in the same way that malicious code is sought.
Ultimate tool?
According to the Times, AV software could be the “ultimate” tool for cybercriminals.The very function of anti-virus software is to allow the developer to seek out items from customers’ computers and then upload it to their servers for further inspection. It’s literally how signatures for new threats are discovered, and without that process, eliminating a new virus from one customer’s computer won’t protect any other customers. But once the information is uploaded to the AV company’s servers, that’s when hackers can help themselves.
Last edited:
