
Thread: Automatic updating becoming a problem?

  1. #1
    Only african to own a PC! Cider
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    Automatic updating becoming a problem?

    Taken from techrepublic ...

    Original source http://blogs.techrepublic.com.com/se...56&tag=nl.e036

    There’s been more than enough tech press about the big issues, which is okay; I want to discuss one that doesn’t seem to be on anyone’s radar yet. It’s a sleeper app, but with huge potential if I’m right.
    People are usually glad if computer applications are configured to update automatically, less to worry about. That may change. What if an attacker could hijack the update request and download malware instead of the update?

    Meet Ippon

    I’d like to introduce you to Ippon (Japanese for “game over”), an attack tool created by Itzik Kotler, security team leader, and Tomer Bitton, security researcher, for Radware. Ippon is one of those ideas that’s so obvious I’m sure many are saying, “Why didn’t I think of that?”

    How Ippon works

    Ippon looks for computers that are asking for updates and tries to replace the update with malware. One thing in Ippon’s favor is that most applications are set up to check for updates automatically. Kotler and Bitton have ported Ippon to scan open Wi-Fi networks specifically for Hyper Text Transport Protocol (HTTP) update request traffic. When traffic is detected, it becomes a race to see if Ippon can respond before the update server for that particular application.
    If Ippon wins, a message is sent informing the application that an update is available, even if it’s not. To avoid suspicion, Kotler and Bitton have built in a reference library to allow Ippon’s response to closely mimic the actual one. Once the connection is established, a malicious file is then downloaded from the attacker’s server and game over.

    Vulnerable update processes

    Kotler and Bitton in an informal poll determined that approximately 100 applications are vulnerable to the Ippon attack, but won’t specifically mention which ones. Thankfully Microsoft applications aren’t. All MS updates are digitally signed and can’t be spoofed. Actually, that’s the way to tell if an application is not susceptible to Ippon.

    Preventative measures

    Some of the suggested solutions are a bit obvious. Such as don’t use open Wi-Fi networks. Or if you have to, don’t update your computer while connected to an open Wi-Fi network. I said they were obvious.
    But what about an application that updates automatically and in the background? The only visual indication usually happens after the process is complete. Technically, the only way to avoid the Ippon attack while using open Wi-Fi networks is to use a secure VPN tunnel.
    A friend of mine suggested that I mention to update proactively, maybe using Secunia PSI. I think that’s a good idea, even if Ippon didn’t exist. Still, I’m concerned about a false sense of security, automated updaters follow a schedule and will check for updates regardless.

    Final thoughts

    As of this writing Ippon has been released, so it’s only a matter of time. I have e-mailed and left voice mails with several of the major application developers, Adobe for instance. When I learn whether an application uses signed updates or not, I will add a comment with that information.
    I have one last question. Kotler and Bitton are focused on Wi-Fi, because it’s the simplest attack vector. What if Ippon could be developed into an exploit that infiltrated wired networks?

    Quite alarming, but I'm sure there are specific rules in place.

    On the other hand, when Conficker started its crap, it changed DNS settings, which caused our clients not to update, so yeah, it could do some harm.

    Thankfully Microsoft applications aren’t. All MS updates are digitally signed and can’t be spoofed. Actually, that’s the way to tell if an application is not susceptible to Ippon.
    Was looking for that one ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
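
The race described in the quoted article should leave a trace on the wire: the client gets two different HTTP replies at the same TCP sequence number, the spoofed one first and the real server's one shortly after. The sketch below is an added example, not part of the post or the article, that flags this pattern in parsed capture records. It assumes the legitimate reply still reaches the client; the `Segment` fields, addresses and payloads are constructed for illustration.

```python
from typing import NamedTuple

class Segment(NamedTuple):
    ts: float       # capture time in seconds
    src: str        # sender "ip:port"
    dst: str        # receiver "ip:port"
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes

def find_raced_responses(segments, http_port=80):
    """Flag server-to-client data sent twice at one sequence number with different bytes."""
    first_seen = {}
    alerts = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload or not seg.src.endswith(f":{http_port}"):
            continue  # only HTTP responses carrying data matter here
        first = first_seen.setdefault((seg.src, seg.dst, seg.seq), seg)
        if first is seg:
            continue  # first time this (flow, seq) has been seen
        # A genuine retransmission repeats the same bytes, possibly resegmented,
        # so compare only the overlapping prefix.
        n = min(len(first.payload), len(seg.payload))
        if first.payload[:n] != seg.payload[:n]:
            alerts.append({
                "client": seg.dst,
                "server": seg.src,
                "seq": seg.seq,
                "gap_ms": round((seg.ts - first.ts) * 1000, 1),
                "first_reply": first.payload.split(b"\r\n")[0].decode("latin-1"),
                "second_reply": seg.payload.split(b"\r\n")[0].decode("latin-1"),
            })
    return alerts

# Constructed capture: documentation addresses and made-up payloads.
SRV, C1, C2 = "198.51.100.7:80", "192.0.2.10:49152", "192.0.2.11:49153"
CONSTRUCTED_CAPTURE = [
    Segment(1.000, C1, SRV, 500, b"GET /update/check HTTP/1.1\r\nHost: updates.example\r\n\r\n"),
    Segment(1.002, SRV, C1, 9000, b"HTTP/1.1 200 OK\r\n\r\nupdate=yes"),
    Segment(1.041, SRV, C1, 9000, b"HTTP/1.1 304 Not Modified\r\n\r\n"),
    Segment(2.000, SRV, C2, 7000, b"HTTP/1.1 200 OK\r\n\r\nupdate=no"),
    Segment(2.300, SRV, C2, 7000, b"HTTP/1.1 200 OK\r\n\r\nupdate=no"),  # plain retransmit
]

if __name__ == "__main__":
    for alert in find_raced_responses(CONSTRUCTED_CAPTURE):
        print(alert)
```

Only the first client is flagged; the identical retransmission to the second client is not, which keeps ordinary packet loss on a busy Wi-Fi network from raising alerts.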

  2. #2
    Senior Member
    Join Date
    Dec 2006
    Location
    Myrtle Beach, SC
    Posts
    238
    If my mom found out about this, she would never let me live it down.
