Has The NSA Hacked Your Security Software?

Category: Anti-Virus

According to new documents released by Edward Snowden, the NSA and its British counterpart have, for several years, been hacking away at popular consumer security programs in order to subvert their protections. Read on to find out if your anti-virus protection is actually the WEAKEST link in your security chain...

The Weakest Link?

Snowden's latest bombshell, that government spy agencies may be targeting and subverting the very software we rely on to secure our computers, is unwelcome news. But this disturbing revelation has led to another.

At least one security researcher claims that the software millions depend upon to protect them from hackers is actually more vulnerable to hacking than notorious hacker targets such as Adobe Reader, Microsoft Word, Google Chrome, and others.

The leaked documents include NSA internal communications and correspondence with the UK’s Government Communications Headquarters (GCHQ). They reveal that the spy agencies have long sought to reverse-engineer Kaspersky Lab’s Internet Security suite and other widely used anti-malware/anti-hacking products. Kaspersky alone claims more than 270,000 corporate clients and 400 million individual users worldwide.

Besides reverse-engineering, the spy agencies have eavesdropped on communications between installed copies of security programs and their developers, gleaning intelligence from the malware reports and error messages that these programs send home. They’ve also intercepted customer support emails between security software vendors and corporate clients that could aid in subverting security software.

Security software is an especially valuable target to hackers because such products typically have high-level privileges on the host machine. If a hacker can infiltrate a security product, he usually gets instant control over the entire system in just one fell swoop. Hacking a less-privileged program may require additional steps to gain the desired access privileges.

But Wait, There's Less!

Here’s the second alarming news. Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy, told The Intercept: “Anti-virus products, with only a few exceptions, are years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there.”

Ironic, isn’t it? It’s a case of “who’s watching the watchers?” A set of slides that Koret used in an April 2014 security conference presentation goes into greater depth on the vulnerabilities of security software, and it’s surprisingly easy for non-technical readers to follow.

The 10 percent of antivirus products that are not so easily exploited include F-Secure, VIPRE, and Comodo AV. But even these programs contained at least one exploitable flaw, Koret discovered. Avast received kudos for two things: having a "bug bounty" program, which encourages researchers to look for exploitable flaws, and quickly fixing one reported problem.

How Vulnerable Are You?

In my opinion, the big scary news here is not that the NSA and GCHQ probably know how to hack most popular security programs. It’s unlikely that they are after your personal system unless you’re involved in activities deemed “threats to national security.”

No, the truly scandalous news (if everything in Koret's paper is accurate) is that anti-virus software actually "makes you more vulnerable to skilled attackers" because many security software developers aren't very good at what they do. His paper details rookie software errors, as well as poor development, review and testing procedures.

If there's a silver lining here, it's that Koret's paper was published over a year ago, with some detailed advice for anti-virus software companies. Hopefully, Koret’s research has received enough attention to pressure anti-malware developers into cleaning up their own houses. One can only hope.

Your thoughts on this topic are welcome. Post your comment or question below...


This article was posted by on 25 Jun 2015


Most recent comments on "Has The NSA Hacked Your Security Software?"

Posted by:

25 Jun 2015

Well, that settles it; I've paid for security software for the last time. From now on, I'll just do a little research at the time and go with what I think is the best freeware available... Avast would be a likely candidate. I didn't pay a lot for the BitDefender that I'm running now, but apparently it's pointless to pay anything at all. I always wondered about the actual security software possibly being vulnerable to a direct attack; but since I'm simply computer literate, and certainly no expert, I just chalked that up as paranoia born of inexperience/lack of knowledge. Apparently, I should take my own judgment more seriously, more often.

Posted by:

Frank Cizek
25 Jun 2015

"A set of slides that Koret used..." Well, THAT'S DEPRESSING!

Posted by:

Phil Sevetson
25 Jun 2015

I actually don't find the age of that paper reassuring at all. It's been a year and we're not seeing any of the major vendors saying things like:

1) "Our communications from your computer back to our exploit-watching program are secured by an RSA 2048-bit encryption algorithm" or,
2) "We're providing updates to our software with the latest exploit patches every month" or even,
3) "We've patched all published vulnerabilities older than three months!"

For all the news that's being published about bot nets, identity theft attacks, and of course corporate data breaches resulting in loss of personal data, there's a really frightening lack of productive, publicly visible, proactive approaches to consumer computers' security outside of the browsers and Microsoft/Adobe (to whom, definitely, we need to give props).

Posted by:

25 Jun 2015

Hi Bob and thank you for the wonderful service you provide to folks like me. You know how in Jurassic Park they say that "Life will find a way"? Well I think the same is true for the evil in men's hearts. If our own greed and selfishness don't get us, the bad guys will, but as long as there are folks like you out there looking out for us we still have a fighting chance. Thanks for stimulating me into thinking more deeply about what I'm doing.

Posted by:

Patrick McDonald
25 Jun 2015

Security agencies cast an alarmingly wide net in their hunt for "security threats". In South Africa, anyone of an activist bent, violent or not, is checked. (http://www.bdlive.co.za/national/2015/04/28/spying-on-ordinary-people-a-violation-of-right-to-privacy-report-finds) PM Harper in Canada has just pushed through C51, which allows a secret police force, which answers only to him, to do what it likes. His enemies list includes Environmentalists, Native People, and progressives of any stripe. In your country past leaders of your ally France have been "tapped". National Security is used as a catch-all rationale for the current political leadership to harass its foes, legal or not, and to cover up any information which might embarrass said leadership.

Posted by:

Danny G
25 Jun 2015

I guess I'm relatively safe with Avast A/V and Comodo firewall...

Posted by:

25 Jun 2015

You had ONE job...

Posted by:

John P. Jones
25 Jun 2015

Hi Bob ... In one Ed Snowden interview clip, from last year, I think, he recommended "Detekt" (https://resistsurveillance.org/), a tool to scan for government spyware. Would you please share your thoughts about Detekt..? We're in deep doo-doo when our "security" involves protecting ourselves from our own government. Thanks for all that you do!

EDITOR'S NOTE: Here's what I wrote about it last November: "Detekt is free software that detects whether your Windows device is infected with FinFisher or Hacking Team RCS, two commercially available spyware suites. Detekt is aimed at activists and journalists in the human rights fields, and is brought to us by Amnesty International, the Electronic Frontier Foundation, and Privacy International, and Internet-rights group Digitale Gesellschaft."


Posted by:

26 Jun 2015

I am trying to figure out what you are trying to tell me Mr. Rankin: You mean to say that our trusted government agencies are after more than just my meta-data, as our elected officials kept telling me?
Shucks! And I was planning on removing my current signature line from all my email accounts that read "Dear NSA, please cancel ALL your subscriptions to ALL my accounts!"

Posted by:

21 Jul 2015

I'm also trying to figure out just what you are trying to tell us Mr Rankin! Are you suggesting that we shouldn't bother having an anti-virus program running on our computers at all? If so, I find that very surprising....

EDITOR'S NOTE: Not at all. Please re-read the closing section of the article.

Posted by:

the oncoming storm
24 Jul 2015

"Threats to national security"?! That's about like saying "if you're not doing anything illegal, you don't need to worry".

Major fault with that logic is the definitions of "illegal" and what constitutes as a "threat" are up to the discretion of those in power and can change at any time. In short, what you do today may become illegal or constitute a threat tomorrow and you may or may not even know it.

Posted by:

Alan M.
27 Jul 2015

The NSA is 99+% illegal. Congress is powerless to control it. After all, they are owned by the corporations and cannot go against their masters.
All three branches of government have been under their control for quite a number of years now. It goes well beyond Democrat or Republican. Even the so-called Independents are under their control.
All I can say is watch your back.........Alan

Posted by:

27 Jul 2015

I agree with Patrick McDonald. It is all very well for Bob to think it unlikely that NSA or GCHQ are gunning for any of us little people. Unfortunately, if the at least nominal democracies under which we are living now are engaging in illegal practices and putting in place a system whereby they can in fact conduct surveillance of any of us at any time whether or not it is legal for them to do so, then what do we expect the actual police state which succeeds them to do? Remember what came after the illegal behavior of the security organs of the Weimar Republic? Any of us could then end up in substantially as much trouble as Winston Smith with substantially as little recourse (none.)


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Has The NSA Hacked Your Security Software? (Posted: 25 Jun 2015)
Source: https://askbobrankin.com/has_the_nsa_hacked_your_security_software.html