Researchers hijack computer software update process

An Israeli security firm has found a new vector with which to attack computers on the network. The researchers from Radware did this by targeting the increasingly common process where computer software automatically obtains software patches or updates via the Internet.

They have released a tool called Ippon to do the hijacking, and it works by responding to an update request before the legitimate application update server. In this manner, a malware executable could potentially be downloaded and executed without the user being any wiser. Team leader Itzik Kotler noted that about 100 different applications can be targeted.

This threat vector is particularly potent due to the number of applications that automatically poll for updates from the Internet. In fact, a number of them do not even offer the option to disable automatic updates.

Fortunately, Microsoft's Windows Update is not vulnerable due to the fact that it uses digital certificates. Ultimately, the problem can be nullified with the use of proper authentication methods. For now though, it is an additional step and it will be some time yet before most developers start to incorporate it into their applications. As such, it makes sense to avoid applications that do not use digital certificates and do not have the option to disable automatic updates.

For more on this story:
- check out this article at ZDNet

Related Articles:
Are software maintenance fees worth it?
Microsoft to test Windows 7 auto-update feature
Windows 7 released to manufacturing