
Has The NSA Hacked Your Security Software?

29 Jul 2015 13:51 #265617 by Chin
Category: Anti-Virus


According to new documents released by Edward Snowden, the NSA and its British counterpart have, for several years, been hacking away at popular consumer security programs in order to subvert their protections. Read on to find out if your anti-virus protection is actually the WEAKEST link in your security chain...

The Weakest Link?

Snowden's latest bombshell that government spy agencies may be targeting and subverting the very software we rely on to secure our computers is unwelcome news. But this disturbing revelation has led to another.
At least one security researcher claims that the software millions depend upon to protect them from hackers is actually more vulnerable to hacking than notorious hacker targets such as Adobe Reader, Microsoft Word, Google Chrome, and others.
The leaked documents include NSA internal communications and correspondences with the UK’s Government Communications Headquarters (GCHQ). They reveal that the spy agencies have long sought to reverse-engineer Kaspersky Lab’s Internet Security suite and other widely used anti-malware/anti-hacking products. Kaspersky alone claims more than 270,000 corporate clients and 400 million individual users worldwide.

Antivirus Hacking
Besides reverse-engineering, the spy agencies have eavesdropped on communications between installed copies of security programs and their developers, gleaning intelligence from the malware reports and error messages that these programs send home. They’ve also intercepted customer support emails between security software vendors and corporate clients that could aid in subverting security software.

Security software is an especially valuable target to hackers because such products typically have high-level privileges on the host machine. If a hacker can infiltrate a security product, he usually gets instant control over the entire system in just one fell swoop. Hacking a less-privileged program may require additional steps to gain the desired access privileges.

But Wait, There's Less!

Here’s the second alarming news. Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy, told The Intercept: “Anti-virus products, with only a few exceptions, are years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there.”
Ironic, isn’t it? It’s a case of “who’s watching the watchers?” A set of slides that Koret used in an April 2014 security conference presentation goes into greater depth on the vulnerabilities of security software, and it’s surprisingly easy for non-technical readers to follow.

The 10 percent of antivirus products that are not so easily exploited include F-Secure, VIPRE, and Comodo AV. But even these programs contained at least one exploitable flaw, Koret discovered. Avast received kudos for two things: Having a "bug bounty" program which encourages researchers to look for exploitable flaws, and for quickly fixing one reported problem.

How Vulnerable Are You?

In my opinion, the big scary news here is not that the NSA and GCHQ probably know how to hack most popular security programs. It’s unlikely that they are after your personal system unless you’re involved in activities deemed “threats to national security.”
No, the truly scandalous news (if everything in Koret's paper is accurate) is that anti-virus software actually "makes you more vulnerable to skilled attackers" because many security software developers aren't very good at what they do. His paper details rookie software errors, as well as poor development, review and testing procedures.
If there's a silver lining here, it's that Koret's paper was published over a year ago, with some detailed advice for anti-virus software companies. Hopefully, Koret’s research has received enough attention to pressure anti-malware developers into cleaning up their own houses. One can only hope.
