Kaspersky Antivirus zero-day allowed hackers to track users

A German journalist discovered a flaw in Kaspersky Lab's antivirus software that posed a significant security risk: it allowed cybercriminals to track Kaspersky customers without their knowledge.

This all started when Ronald Eikenberg began testing antivirus programs for his own publication. A few months later he discovered that Kaspersky's antivirus had been injecting some code into a website. Eikenberg said that Kaspersky seemed to be trying to find a way to interact with the site even though there was no browser extension on the system.

“One of the purposes of the script is to evaluate Google search results displayed in the user’s browser. If a link is safe, the Kaspersky software will display a green shield behind it,” he added.

In this era, most companies and websites need to track users across the internet to identify them and learn their interests so that targeted advertisements can be shown to them. Usually this requires third-party cookies, which allow even Facebook or Google to track your movement across multiple websites.

The problem with Kaspersky Antivirus, however, is that it exposes users by tagging them with a unique identifier that will record and keep track of what you visited in the past four years, which allows some sites and third-party services to track users even though they have already blocked them. This puts users at risk, since everything the user does is being monitored or kept track of.

“That’s a bad idea because other scripts that run in the context of the website domain can access the HTML code at any time—and thus the injected Kaspersky ID. This means in plain language that any website can simply read the Kaspersky ID of the user and misuse it for tracking,” the researcher says.

Instead of using unique identifiers, users were given a specific ID assigned to a particular computer, so it does not change after several days.
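A privacy audit for the behaviour described above, as an added example that is not code from the article, from Eikenberg or from Kaspersky: it scans HTML captured on one machine while visiting unrelated sites and reports any UUID-shaped token in a script URL that recurs across sites. The host `av-injector.example`, the IDs and the function names are constructed assumptions.

```javascript
// Added example. Host names and IDs are constructed placeholders,
// not values taken from the article or from any real product.
const SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
const UUID_RE = /[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}/gi;

// Collect UUID-shaped tokens that appear in <script src="..."> URLs.
function scriptIds(html) {
  const ids = new Set();
  for (const m of html.matchAll(SCRIPT_SRC_RE)) {
    for (const id of m[1].match(UUID_RE) || []) ids.add(id.toLowerCase());
  }
  return ids;
}

// captures: [{ site, html }] saved from one machine while visiting
// unrelated sites. An ID seen on two or more sites is a stable,
// machine-level tag that any script on those pages could read.
function findCrossSiteIds(captures) {
  const sitesById = new Map();
  for (const { site, html } of captures) {
    for (const id of scriptIds(html)) {
      if (!sitesById.has(id)) sitesById.set(id, new Set());
      sitesById.get(id).add(site);
    }
  }
  return [...sitesById]
    .filter(([, sites]) => sites.size > 1)
    .map(([id, sites]) => ({ id, sites: [...sites].sort() }));
}

// Constructed captures: same injected ID on two sites (before a fix),
// plus a per-site UUID that belongs to the site itself.
const MACHINE_ID = "0a1b2c3d-1111-2222-3333-444455556666";
const beforeFix = [
  { site: "news.example", html:
    `<html><script src="https://av-injector.example/${MACHINE_ID}/main.js"></script>` +
    `<script src="/static/9f8e7d6c-aaaa-bbbb-cccc-ddddeeeeffff.js"></script></html>` },
  { site: "shop.example", html:
    `<html><script src='https://av-injector.example/${MACHINE_ID}/main.js'></script></html>` },
];
// After a fix the injected URL carries no per-machine token.
const afterFix = beforeFix.map(({ site, html }) =>
  ({ site, html: html.split(MACHINE_ID).join("shared") }));

console.log(findCrossSiteIds(beforeFix)); // one finding, two sites
console.log(findCrossSiteIds(afterFix));  // no findings
```

The site's own per-page UUID is not reported because it appears on only one site; only the token that follows the machine from site to site is flagged.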

This attack could lead to scams that ask people for their personal information or bank account information in the guise of a payment system. One good example would be a pop-up that says "Your license has expired, please enter your credit card information to renew your subscription."

This would affect multiple users of Kaspersky Antivirus.

A patch was issued last month to update the Kaspersky antivirus programs for all users of a specific version. However, there is still a version of the security tool that allows a malicious hacker to know that antivirus software is installed on the machine.

Another way to mitigate the problem, if you feel you are being spied on, is to manually uncheck the feature in the software settings.

Kaspersky has already removed the unique identifiers from the GET request to improve the process of checking web pages for malicious activity. The change was prompted by Eikenberg, who notified Kaspersky about the possible risk of personal information disclosure when using unique identifiers for the GET request.

A statement released by Kaspersky said that, based on its research, there is a minimal chance that this could be carried out in practice, although it is theoretically possible. The complexity of the program would help fend off the leak of private information, and its low profitability would discourage hackers.

Nevertheless, the company still needs to improve its system in order to prevent further mishaps. Protecting private information is the company's responsibility and should not be taken lightly. It is thus a severe issue if Kaspersky does not resolve the problem at hand right away.

On a brighter note, users who want to disable tracking altogether can manually disable the URL Advisor feature: go to Settings > Additional > Network and uncheck the traffic processing box. This keeps the user safe and unmonitored for the time being while using the application.

When tools whose sole purpose is to protect users and their information have this kind of issue, it makes the public distrustful of the protection programs they install on their devices.
