Results tagged “security” from International Beat

Hackers Now Ride on Antivirus Software for Snooping


Having exploited scores of security measures adopted by experts to make IT networks secure, hackers have started riding on antivirus software as well to sneak into computers and networks.

iViZ, an Indian information security company that offers penetration and vulnerability testing for applications and networks, has just discovered a new technique that hackers and e-criminals are using these days to break into computers -- crashing the antivirus software itself.

iViz says hackers have developed codes that can make antivirus software crash and create a loophole in the network, which then can be used to nestle a malicious code in a computer. The company says that so far, it has spotted 6 popularly used antivirus software products, both commercial and open source, which hackers have been able to break into. These are AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender and Avast.

Explaining how hackers trespass a seemingly secure system and break into it by exploiting its antivirus software, Bala said that an attacker first crafts an email with a malicious payload and sends it to the target user. As the vulnerable antivirus software scans the email, the malicious code, crafted specifically to exploit that antivirus, either crashes the antivirus software or executes arbitrary code to get around security and implant another piece of malicious code in the computer.

"Once this malicious code is nestled in a computer, the attackers can use it to steal information or cause a denial of service condition," said Bala Girisaballa, vice-president (head of product management & marketing), iViz.

A dedicated research team at iViz, which conducts extensive research on attack techniques and checks the robustness of applications and networks, stumbled upon the vulnerabilities while trying to penetrate networks protected by popular commercial and open source antivirus software products.

Using a variety of file fuzzing techniques, the team discovered abnormal behavior in these products while handling complex or unusual executable header data, especially in the case of executables packed with third-party packers like UPX, FSG, etc.

Multiple bugs were found in those six antivirus products, some of which proved to be vulnerable enough to make the antivirus itself a back door for hackers. "So far we have come across six that we have named, but there may be more which we haven't been able to identify yet," says Bala. "The makers of the affected antivirus software vendors have been informed. Many admitted [the problem] but we have also faced denial."

According to iViz, although home computers are affected most by this breach, companies and businesses, as well as government departments, are also highly susceptible to its risks.

Indeed, e-criminals always manage to remain a step ahead, don't they? And their turf keeps expanding, not sparing even the big-daddy security experts. For instance, yesterday, in another shocking revelation, Microsoft announced that there is a security flaw in its Internet Explorer 7, the world's most popular Web browser.

This flaw, like those in antivirus products, allows criminals to take control of computers and steal personal information. "We are actively investigating the vulnerability that these attacks attempt to exploit," Microsoft said in a statement. "We will continue to monitor the threat environment and update this advisory if this situation changes."

Microsoft added that about 0.2 per cent of Internet Explorer users have already been affected by the flaw.

Poster by Oliver Hammond. Creative Commons License Attribution-Noncommercial-Share Alike 2.0 Generic.

 


Indian Govt. Claims to Have Decrypted Blackberry Data


The ongoing tussle between India's security agencies and the department of telecom (DoT) on one side and BlackBerry's maker Research-In-Motion on the other may be resolved; at least that's how it looks.

According to local reports, the Indian government has finally been able to decrypt the data on BlackBerry's local networks, a feat that has come after over six months of acrimony between the country and RIM. The DoT and security agency National Technical Research Organisation (NTRO) have conducted successful tests on local service providers like Bharti Airtel, BPL Mobile, and Vodafone-Essar networks for interception of Internet messages from BlackBerry to non-BlackBerry devices. And interestingly, this has been achieved not without the consent of RIM, but with its help.

According to an NTRO source -- who has requested anonymity -- the Indian government has successfully tested the decompression techniques that have been worked out on "some Blackberry" service providers' networks, although the Indian government hasn't started cracking the networks yet.

If these claims are true, they not only mean that all email messages and SMSs sent out of Blackberry handsets in India would be under government surveillance (and thus no longer be exclusive for the users), but I believe it would also be the first instance of a government being able to snoop on Blackberry data.

RIM's security policy, which does not allow any third party or even the company to read the information transferred over its network, is one of the most redeeming features of Blackberry, making it one of the world's most popular communication tools.

BlackBerry, the revolutionary push email service, has faced a number of controversies in its decade of existence. But perhaps never has Blackberry faced the ire of a country's government for the commercial arrangement it has with telecom operators of the country.

Six months back, the DoT clamped down on RIM for entering into a "routing arrangement" -- and not a "hosting arrangement" as required under Indian law -- with the Indian BlackBerry service providers.

A routing agreement allows communications between BlackBerry owners in India to be hosted on servers outside the country, thereby bypassing the networks of Indian mobile operators and directly hitting RIM's servers in Canada. In a hosting agreement, the data resides on servers of Indian BlackBerry service providers. Since a routing arrangement does not lawfully allow India's national security agencies to intercept BlackBerry data, DoT wanted either the Indian service operators to create a mirror image of all emails and data sent on these devices in India, saving it for a minimum of six months, or RIM to move its servers to India.

DoT believed that Blackberry had emerged as a "security threat to the country," because communications through BlackBerry devices could not be intercepted by anyone. Thus, it could become a favorite tool for terrorists.

But neither RIM nor the Indian telecom operators were willing to accept these conditions, and the growth of Blackberry in India was in a state of limbo as the industry feared that the DoT might ban Blackberry services outright.

Nevertheless, even as NTRO sources claim the encryption solution that India has worked out is solely for the security agencies' use -- and not to be shared with any others -- the moot question is whether India is justified in insisting on snooping on BlackBerry data.

According to local Cyberlaw expert Pavan Duggal, although the Indian IT Act 2000 does extend the power to intercept information to the Government, it is not clear whether the law allows for such sweeping surveillance.

Moreover, "Right from consumer banking transactions to enterprises exchanging data between different offices to government organizations -- all use encryption technology in one form or the other," says Alok Shende, the India-based Head, IT & Telco, Datamonitor. "Any initiative to dilute the right of business and consumers to use encryption technology will perforce lead to increased vulnerability for businesses on one hand, and loss of privacy to consumer on the other."

Meanwhile, what is clear is that the warring factions -- DoT, NTRO, etc. and RIM -- have indeed been able to work out a truce of some sort. Two more service providers -- Reliance Mobile and Tata Teleservices -- expanded Blackberry's market in India by launching their services with the latest Blackberry handsets.


Photo by Phil Robinson. Creative Commons License Attribution-Noncommercial 2.0 Generic.




