Trojan-Updates

by Brent Kirkpatrick




Updates can be Trojan horses.



If any part of the update machinery is commandeered by hackers, then they can release updates that are Trojans. The vulnerable places are:

  1. the existence of Trojan update servers,
  2. the compromise of a genuine update server, and
  3. the compromise of update web sites.

Recall that the systems administrator of a computer must ask the OS to get updates. This means that the update program is running with root permissions when it requests and installs updates. So, if an update is a Trojan, the hacker gains root access.

How can hackers prepare Trojan-updates? They need two things: a compromised update server, and sufficient knowledge of the updates to create one with a back-door. They can obtain the former by targeted hacking or by using a worm. They get the latter either by careful inspection of shipped updates or by lifting the source code of an update off the vendor's development machine.

A very skilled team of hackers with one ubiquitous worm could accomplish all of the above. Once they locate the development computer and the update servers, they are easily able to slip a back-door into an update.
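As an added example (not part of the original article), the sketch below shows one check a client can make before the root-privileged installer runs: compare the update against a digest pinned through a separate channel, rather than against a checksum served beside the update. The payloads, function names and the existence of such a separate channel are assumptions made for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def digest_matches(update: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the update's SHA-256 with an expected digest."""
    return hmac.compare_digest(sha256_hex(update), expected_hex.lower())


def install_decision(update: bytes, server_digest: str, pinned_digest: str) -> dict:
    """Evaluate both trust sources; only the pinned digest gates installation."""
    pinned_ok = digest_matches(update, pinned_digest)
    return {
        "server_check": digest_matches(update, server_digest),
        "pinned_check": pinned_ok,
        "install": pinned_ok,
    }


# Constructed sample payloads, not real update files.
GENUINE = b"update-1.2.3: genuine payload (constructed sample)"
TROJAN = GENUINE + b" + back-door (constructed sample)"

# Assumption: this digest reached the client through a channel the update
# server and update web site do not control.
PINNED = sha256_hex(GENUINE)


def honest_server():
    """Genuine server: serves the real update and its checksum."""
    return GENUINE, sha256_hex(GENUINE)


def compromised_server():
    """Trojan or compromised server: controls the file and the checksum beside it."""
    return TROJAN, sha256_hex(TROJAN)


if __name__ == "__main__":
    for name, server in (("honest", honest_server), ("compromised", compromised_server)):
        blob, served_digest = server()
        print(name, install_decision(blob, served_digest, PINNED))
```

The checksum published by the compromised server matches the Trojan update, so only the pinned comparison refuses it. This check does not cover a back-door inserted on the vendor's development machine before the reference digest was produced.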










bbkirk@intrepidnetcomputing.com




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.