- Joined
- Dec 4, 2010
- Messages
- 1,168
- Reaction score
- 1,664
Microsoft and Kaspersky’s security products can be tricked into deleting legitimate files, possibly bricking entire applications, experts have warned.
Cybersecurity researchers from SafeBreach discussed their findings during the Black Hat Asia conference in Singapore.
However, not everyone agrees with the researchers, and while Microsoft did acknowledge their findings to some extent, it ultimately decided not to pursue them any further.
The researchers - Timer Bar and Shmuel Cohen - explained that the problem stems from the fact that both Microsoft and Kaspersky use byte signatures to detect malware. Byte signatures, The Register explains, are unique sequences of bytes in file headers, and should a hacker add them to a legitimate file, the security solutions will flag them as malicious.
In theory, hackers would be able to delete people’s files remotely. For example, they could register as a new user on a website and add the byte signature to their name. The signature would make it into the database, tricking the security program to delete the entire thing. In another example, an attacker could add the signature to a comment of a video.
Read HERE
Cybersecurity researchers from SafeBreach discussed their findings during the Black Hat Asia conference in Singapore.
However, not everyone agrees with the researchers, and while Microsoft did acknowledge their findings to some extent, it ultimately decided not to pursue them any further.
The researchers - Timer Bar and Shmuel Cohen - explained that the problem stems from the fact that both Microsoft and Kaspersky use byte signatures to detect malware. Byte signatures, The Register explains, are unique sequences of bytes in file headers, and should a hacker add them to a legitimate file, the security solutions will flag them as malicious.
In theory, hackers would be able to delete people’s files remotely. For example, they could register as a new user on a website and add the byte signature to their name. The signature would make it into the database, tricking the security program to delete the entire thing. In another example, an attacker could add the signature to a comment of a video.
Read HERE
