  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003

    Automatic updating becoming a problem?

    Taken from techrepublic ...

    Original source http://blogs.techrepublic.com.com/se...56&tag=nl.e036

    There's been more than enough tech press about the big issues, which is okay; I want to discuss one that doesn't seem to be on anyone's radar yet. It's a sleeper app, but with huge potential if I'm right.
    People are usually glad if computer applications are configured to update automatically, less to worry about. That may change. What if an attacker could hijack the update request and download malware instead of the update?
    Meet Ippon
    I'd like to introduce you to Ippon (Japanese for "game over") an attack tool created by Itzik Kotler, security team leader and Tomer Bitton, security researcher for Radware. Ippon is one of those ideas that's so obvious I'm sure many are saying why didn't I think of that.
    How Ippon works
    Ippon looks for computers that are asking for updates and tries to replace the update with malware. One thing in Ippon's favor is that most applications are set up to check for updates automatically. Kotler and Bitton have ported Ippon to scan open Wi-Fi networks specifically for Hyper Text Transport Protocol (HTTP) update request traffic. When traffic is detected, it becomes a race to see if Ippon can respond before the update server for that particular application.
    If Ippon wins, a message is sent informing the application that an update is available, even if it's not. To avoid suspicion, Kotler and Bitton have built in a reference library to allow Ippon's response to closely mimic the actual one. Once the connection is established a malicious file is then downloaded from the attacker's server and game over.
    Vulnerable update processes

    Kotler and Bitton in an informal poll determined that approximately 100 applications are vulnerable to the Ippon attack, but won't specifically mention which ones. Thankfully Microsoft applications aren't. All MS updates are digitally signed and can't be spoofed. Actually, that's the way to tell if an application is not susceptible to Ippon.
    Preventative measures
    Some of the suggested solutions are a bit obvious. Such as don't use open Wi-Fi networks. Or if you have to, don't update your computer while connected to an open Wi-Fi network. I said they were obvious.
    But what about an application that updates automatically and in the background. The only visual indication usually happens after the process is complete. Technically, the only way to avoid the Ippon attack while using open Wi-Fi networks is to use a secure VPN tunnel.
    A friend of mine suggested that I mention to update proactively, maybe using Secunia PSI. I think that's a good idea, even if Ippon didn't exist. Still, I'm concerned about a false sense of security, automated updaters follow a schedule and will check for updates regardless.
    Final thoughts
    As of this writing Ippon has been released, so it's only a matter of time. I have e-mailed and left voice mails with several of the major application developers, Adobe for instance. When I learn whether an application uses signed updates or not, I will add a comment with that information.
    I have one last question. Kotler and Bitton are focused on Wi-Fi, because it's the simplest attack vector. What if Ippon could be developed into an exploit that infiltrated wired networks?
    Quite alarming, but I'm sure there are specific rules in place.

    On the other hand when conficker started its crap, it changed DNS settings which caused our clients not to update so yeah could do some harm.

    Thankfully Microsoft applications aren't. All MS updates are digitally signed and can't be spoofed. Actually, that's the way to tell if an application is not susceptible to Ippon.
    Was looking for that one ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
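
The quoted article's point that digitally signed updates cannot be spoofed by a faster HTTP reply, shown as an added example that is not part of the original post or article. The `UpdateResponse` type, the manifest layout and all function names are hypothetical, and the keys and payloads are constructed in the code.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UpdateResponse is a hypothetical update reply: signed manifest plus payload.
type UpdateResponse struct {
	Manifest, Signature, Payload []byte
}

// buildManifest binds a version string to the payload's SHA-256 digest.
func buildManifest(version string, payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return append([]byte(version+"\n"), sum[:]...)
}

// VerifyUpdate accepts a reply only if the manifest is signed by the pinned
// vendor key and the payload matches the digest carried in that manifest.
func VerifyUpdate(pinned ed25519.PublicKey, r UpdateResponse) error {
	if !ed25519.Verify(pinned, r.Manifest, r.Signature) {
		return errors.New("manifest signature invalid")
	}
	if len(r.Manifest) < sha256.Size {
		return fmt.Errorf("manifest too short: %d bytes", len(r.Manifest))
	}
	sum := sha256.Sum256(r.Payload)
	if !bytes.Equal(r.Manifest[len(r.Manifest)-sha256.Size:], sum[:]) {
		return errors.New("payload digest mismatch")
	}
	return nil
}

// Demo checks three constructed replies: vendor-signed, signed with a
// different key, and vendor-signed with the payload replaced in transit.
func Demo() (genuine, forged, swapped error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	good, bad := []byte("constructed vendor payload"), []byte("constructed substitute payload")
	m, fm := buildManifest("2.0.1", good), buildManifest("2.0.1", bad)
	genuine = VerifyUpdate(vendorPub, UpdateResponse{m, ed25519.Sign(vendorPriv, m), good})
	forged = VerifyUpdate(vendorPub, UpdateResponse{fm, ed25519.Sign(otherPriv, fm), bad})
	swapped = VerifyUpdate(vendorPub, UpdateResponse{m, ed25519.Sign(vendorPriv, m), bad})
	return
}

func main() { fmt.Println(Demo()) }
```

Because the check depends on a key pinned in the client rather than on which reply arrives first, winning the race on an open network does not get a substitute file installed.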

  2. #2
    Senior Member
    Join Date
    Dec 2006
    Myrtle Beach, SC
    If my mom found out about this, she would never let me live it down.
