Windows Defender & Kaspersky could be tricked into deleting databases

Oggiman

Microsoft and Kaspersky’s security products can be tricked into deleting legitimate files, possibly bricking entire applications, experts have warned.

Cybersecurity researchers from SafeBreach discussed their findings during the Black Hat Asia conference in Singapore.

However, not everyone agrees with the researchers, and while Microsoft did acknowledge their findings to some extent, it ultimately decided not to pursue them any further.

The researchers - Tomer Bar and Shmuel Cohen - explained that the problem stems from the fact that both Microsoft and Kaspersky use byte signatures to detect malware. Byte signatures, The Register explains, are unique sequences of bytes in file headers, and should a hacker add them to a legitimate file, the security solutions will flag it as malicious.

In theory, hackers would be able to delete people’s files remotely. For example, they could register as a new user on a website and add the byte signature to their name. The signature would make it into the database, tricking the security program into deleting the entire thing. In another example, an attacker could add the signature to a comment on a video.

Read HERE
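
An added illustration of the failure mode described above, not code from the article, the researchers or either vendor: a toy scanner matches bytes with no knowledge that they sit in a user-supplied field, file-level remediation then removes every record, and a triage helper maps the match back to the record that caused it. The signature, record format and all function names are constructed for this example.

```python
from dataclasses import dataclass

# Constructed placeholder marker for this example; NOT a real malware signature.
TOY_SIGNATURE = b"\x00TOY-SIG-0001\x00"

@dataclass
class Verdict:
    malicious: bool
    offsets: list  # byte offsets of every signature match

def scan(blob, signature=TOY_SIGNATURE):
    """Context-free byte match: no idea which record or field the bytes belong to."""
    offsets, pos = [], blob.find(signature)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(signature, pos + 1)
    return Verdict(bool(offsets), offsets)

def build_store(records):
    """Constructed flat-file 'database': one newline-terminated record per user."""
    blob, spans = b"", []
    for rec in records:
        line = rec + b"\n"
        spans.append((len(blob), len(blob) + len(line)))
        blob += line
    return blob, spans

def remediate_whole_file(blob, verdict):
    """File-granularity remediation: one hit anywhere removes every record."""
    return b"" if verdict.malicious else blob

def records_with_hits(spans, verdict):
    """Triage: map match offsets back to the records that caused the detection."""
    return sorted({i for i, (lo, hi) in enumerate(spans)
                   for off in verdict.offsets if lo <= off < hi})

# Constructed sample data: the record at index 1 carries the marker in a user-controlled field.
SAMPLE = [b"id=1;name=alice", b"id=2;name=" + TOY_SIGNATURE, b"id=3;name=carol"]

if __name__ == "__main__":
    blob, spans = build_store(SAMPLE)
    verdict = scan(blob)
    print("flagged:", verdict.malicious, "records:", records_with_hits(spans, verdict))
    print("bytes left after remediation:", len(remediate_whole_file(blob, verdict)))
```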
 