Tuesday, 4 August 2009

Researchers hijack computer during software update

Two researchers from Israeli security firm Radware have worked out a way to trick computers into downloading malware or take over a computer by hijacking the communications during the update process for Skype and other applications.

About 100 applications can be targeted, said Itzik Kotler, team leader of Radware's security operations center, before his presentation at the Defcon conference in Las Vegas.

Kotler and colleague Tomer Bitton are releasing a tool called Ippon (which means 'game over' in Judo) that enables the attack and offers a 3D view of potential victims on a network.

With the tool, an attacker can scan a Wi-Fi network for computers checking for new updates via HTTP (Hyper Text Transport Protocol). If the system detects a computer sending a software-update request, the tool replies before the app update server can respond, Kotler said.

Ippon customizes messages for the particular application and sends a message indicating there is an update available even when the system already has the most recent legitimate update, he said. A malicious file is then downloaded from the attacker's server onto the victim's computer.

The researchers said they had not tested whether Firefox or other major browsers are vulnerable. Microsoft software is not vulnerable because it uses digital signatures in its update process, which all software updates should, Kotler said. People should be careful when using public Wi-Fi networks and avoid doing software updates on them, he said.

"You have to assume when on a public infrastructure that the infrastructure can be attacked," he added.

There is also the possibility that someone could spread an "airborne virus" via software updates that uses victim machines to attack and infect other machines on a network, according to Kotler.

This article was originally posted on CNET News.

No comments: