
Critical flaw in ESET products shows why spy groups are interested in antivirus programs

Lucian Constantin | June 25, 2015
Several antivirus products from security firm ESET had a critical vulnerability that was easy to exploit and could lead to a full system compromise.

For the past several years there's been a push to limit the privileges of widely used software applications. Some programs like Google Chrome or Adobe Reader use sandboxing mechanisms, making it significantly harder for attackers to exploit remote code execution vulnerabilities.

However, antivirus products need to run with high privileges so they can effectively fight off threats, so it's very important that their code is solid, said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. Unfortunately that's often not the case, and this allows attackers to gain full control of a system by exploiting a single vulnerability, without having to worry about bypassing sandboxes or escalating privileges, he said.

According to Eiram, 2.5 percent of the flaws recorded by Risk Based Security in its vulnerability database last year were for security products, including antivirus programs. The historical rate is 2.2 percent and that's significant considering that the total number of vulnerabilities reported per year exceeded 10,000 in recent years.

The Intercept reported Monday that the U.K. Government Communications Headquarters (GCHQ) filed requests in 2008 to renew a warrant that would have allowed the agency to reverse engineer antivirus products from Kaspersky Lab to find weaknesses. The U.S. National Security Agency also studied antivirus products to bypass their detection, according to secret files leaked by former NSA contractor Edward Snowden, the news website reported.

Earlier this month, Kaspersky Lab announced that some of its internal systems were infected with a new version of a sophisticated cyberespionage tool called Duqu. The attackers, who the company strongly believes were state-sponsored, were after Kaspersky's intellectual property, including information on its latest technologies and ongoing investigations.

"It's neither new nor surprising that intelligence agencies are reverse engineering security products to find vulnerabilities, as well as ways to bypass their intended protection mechanisms," Eiram said. "It is, however, pretty concerning that they are also compromising security companies in order to steal intellectual property."
