Security Vulnerability Discovered in Games and Parental Control
https://sp-security.blogspot.com/2015/04/security-vulnerability-discovered-in.html
Security researchers claimed that a serious security problem originating from the advertising software installed on Lenovo computers appeared to be more widespread than they first believed. The so-called “Superfish” vulnerability affected a number of Lenovo laptops shipped late in 2014 by exposing laptop users to a hijacking technique. Today security experts also believe that it affects parental control tools and other adware.
This security flaw left owners of Lenovo laptops purchased a few months ago open to eavesdropping and “man-in-the-middle” attacks, even over encrypted connections. The weakness centers on a self-signed security certificate installed by the Superfish adware. Its intended purpose was to inject ads into search results and secure sites.
However, the technique, dubbed “SSL hijacking”, turns out to be a framework purchased from a third company, Komodia. In turn, Komodia’s framework, shipped as SSL Decoder, is found in many other products as well. Security experts claim that parental control software and IP-cloaking technology also contain the vulnerability, and Facebook reportedly discovered certificates being issued by some adware vendors disguised as games or search assistants.
So, parents who have installed parental control software are advised to check whether their computer has been affected by this weakness. There are free online checks created by independent developers that are able to identify the presence of the certificates, and concerned users are advised to visit them.
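A local check can complement the online tests mentioned above. The following PowerShell script is an added example, not part of the original article or of any vendor's tooling: it lists trusted root certificates on a Windows machine whose names match the vendors named in this article, or whose private key is stored on the same machine. It assumes that an affected certificate's Subject or Issuer contains one of the watch-list names.

```powershell
# Added example: audit the Windows trusted-root stores for interception roots.
# Assumption: the watch-list names are taken from the article; a matching
# certificate is assumed to carry one of them in its Subject or Issuer.
$watchNames = @('Superfish', 'Komodia')
$stores     = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        $reasons = @()

        foreach ($name in $watchNames) {
            if ($cert.Subject -like "*$name*" -or $cert.Issuer -like "*$name*") {
                $reasons += "name matches '$name'"
            }
        }

        # A trusted root whose private key is also stored on this machine can be
        # used by local software to sign certificates for any site. Roots of
        # public certificate authorities ship without their private keys.
        if ($cert.HasPrivateKey) {
            $reasons += 'private key present on this machine'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Store      = $store
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Reasons    = $reasons -join '; '
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No trusted root matched the watch list or carried a private key.'
}
```

A clean result does not prove the machine is unaffected: a product may install its root under a different name and keep the private key outside the certificate store, so review any root you do not recognize.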
Facebook explained that these apps have one thing in common: they make people less secure by using an easily obtained root CA. Besides, they provide almost no information about the risks of the technology, and are sometimes difficult to remove. In addition, the chances are that those intercepting SSL proxies will not keep up with the HTTPS features in web browsers (for instance, certificate pinning and forward secrecy), which means that they could potentially expose private information to network attackers. Anti-virus products can recognize some of those deficiencies as malware or adware, but the security experts admitted that detection successes are sporadic.
The social network found the weaknesses during a wider project, started in 2012, to find out how prevalent SSL “man-in-the-middle” attacks can be. Facebook’s project, carried out together with Carnegie Mellon University, revealed that 0.2% of SSL certificates, needed to surf the Internet securely, had been tampered with. In Facebook’s research, 6,000 people were affected.
Following these revelations, Komodia is currently experiencing website outages. The company blamed the outages on a distributed denial-of-service attack on its servers and refused to comment on the allegations of the security experts and Facebook representatives.