Written By: Hussen Munye, BITS Student IT Security Analyst.
How Compromised Applications Work:
Who controls your computer? People may believe they have total control over their computer, but that is far from the case. Imagine needing to communicate through an interpreter. You rely on the interpreter to accurately convey your messages, but if they have other motives or can’t relay the message properly, you lose control of the conversation.
This is also the case when you install applications. You place your trust in the developers and companies behind them. Software often has more control over your computer than you do, because of the level of access it is granted within the system; it is the interpreter between you and the machine.
Applications also interact with the kernel, the core of the operating system, which controls everything else in the system. They do so through system calls: the kernel provides system services to applications and is the middleman between the applications and the computer's hardware and resources. Applications therefore operate within the framework the operating system provides, and that operating system has deep control over the entire computer.
Applications are designed to perform specific tasks by interacting with your computer's hardware and operating system. Many applications behave properly and do only what they claim, but others abuse that access, either by design or because security vulnerabilities let an attacker use it, and compromise your computer.
One way this happens is through over-privileging. When you install an application, it requests specific permissions; a photo editing app asking for access to your photos is a reasonable request. An over-privileged application requests or receives more permissions than it needs to do its job, which gives it access to data and capabilities it does not require. If that application is later compromised, an attacker inherits every permission it was granted, so the excess becomes the attacker's foothold. User behavior plays a part as well: applications can present deceptive prompts or messages that persuade a user to grant permissions they would otherwise refuse.
Applications can also override or work around the permissions a user intended to grant. By exploiting a security vulnerability, an attacker can run code that escalates privileges and gains more access to the system than the application was ever given. Security vulnerabilities can be thought of as holes in the walls of a house through which intruders may find their way in. In the digital world, these weaknesses let attackers gain access, steal personal information, or damage systems and data.
CCleaner, a system optimization tool with millions of users worldwide, suffered a compromise of its software distribution chain in 2017. Attackers gained access to the build environment and inserted a backdoor into an official, digitally signed release (version 5.33), which was then delivered to users through the normal download and update channel. The backdoored version collected system information from affected machines and sent it to an attacker-controlled server; millions of installations were affected before it was detected.
Adobe Photoshop, one of the most widely used image editing applications, has also had security vulnerabilities. In one instance (CVE-2021-40709), a specially crafted image file could trigger a memory-safety bug in Photoshop's file parser. Simply opening such an image could cause attacker-supplied code to run with the privileges of the user who opened it, giving an attacker a path to compromise data and gain unauthorized access to the system.
WinRAR, a popular file compression and archiving tool for Windows, faced a notable security incident as well. In early 2019, security researchers disclosed a critical vulnerability (CVE-2018-20250) in the library WinRAR used to unpack ACE (Archives Compressed by Elvis) archives, a proprietary compression format; that library had not been updated since 2005. A crafted filename inside an ACE archive was treated as an absolute path, so the extraction folder the user chose was ignored and the file could be written anywhere the user had write access, such as the Windows Startup folder. When a user extracted such an archive, the planted file was put in place and ran at the next logon. WinRAR responded with a security update (version 5.70) that dropped support for the ACE format entirely rather than keep the vulnerable library. These examples emphasize the importance of being cautious when installing and interacting with applications.
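The WinRAR bug above is one instance of a general class: an archive entry whose name escapes the folder the user chose to extract into. Below is an added example, not code from WinRAR or from this article, showing the same flaw and its fix in Python. It uses the ZIP format because Python's standard library can build one in memory; the archive is constructed for the example and is not a real malware sample, and the entry names, the Startup-folder payload and the function names are illustrative assumptions. A naive extractor trusts the filename stored in the archive, while the hardened extractor resolves each target path and refuses the whole archive if any entry would land outside the destination.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_malicious_archive() -> bytes:
    """Constructed sample, not a real malware sample: one normal entry, one that
    climbs out with "..", and one absolute path (illustrative names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless content\n")
        # Would land in a Startup folder if written: the trick used against WinRAR.
        zf.writestr("../../Startup/launch.bat", "@echo off\r\nREM would run at next logon\r\n")
        zf.writestr("/tmp/absolute.txt", "absolute path entry\n")
    return buf.getvalue()


def build_clean_archive() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless content\n")
        zf.writestr("docs/notes/todo.txt", "nothing to see\n")
    return buf.getvalue()


def naive_target(dest: str, name: str) -> str:
    """What a hand-rolled extractor does: trust the name stored in the archive.
    os.path.join() discards `dest` when `name` is absolute and never collapses "..",
    so both attacker entries above end up outside `dest`."""
    return os.path.join(dest, name)


def is_contained(dest: str, name: str) -> bool:
    """True only if `name`, joined to `dest` and fully resolved, stays under `dest`."""
    root = Path(dest).resolve()
    target = (root / name).resolve()  # an absolute `name` replaces root; ".." collapses
    return target == root or root in target.parents


def find_escaping_entries(archive: bytes, dest: str) -> list[str]:
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [name for name in zf.namelist() if not is_contained(dest, name)]


def safe_extract(archive: bytes, dest: str) -> list[str]:
    """Check every entry before writing anything; returns the relative paths written."""
    escaping = find_escaping_entries(archive, dest)
    if escaping:
        raise ValueError(f"refusing to extract, entries escape {dest}: {escaping}")
    root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = root / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(root).as_posix())
    return written


def demo() -> dict:
    dest = tempfile.mkdtemp(prefix="extract_demo_")
    result = {"escaping": find_escaping_entries(build_malicious_archive(), dest)}
    try:
        safe_extract(build_malicious_archive(), dest)
        result["malicious_rejected"] = False
    except ValueError:
        result["malicious_rejected"] = True
    result["clean_written"] = safe_extract(build_clean_archive(), dest)
    return result


if __name__ == "__main__":
    print(demo())
```

Run it as a script to see which entries would escape and the rejection of the whole archive. The containment check is done against every entry before anything is written on purpose: if an extractor writes entry by entry, an earlier entry could create a symbolic link that a later entry follows out of the destination, so a real extractor should also refuse symlink entries outright.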
Human Element and How to Protect Your Computer:
A user's role in computer security is crucial. One good practice is to download applications only from trusted sources. What counts as a trusted source varies by platform (Windows, macOS, iOS, Android) and by type of application; in general it means a source with a history of providing safe, legitimate software.
Official websites and developers are usually trusted sources, but they are not infallible. Even an official source can be compromised, leading to the distribution of malicious applications, vulnerable software, or misleading promotions, and attackers can tamper with legitimate downloads, undermining the trust placed in that source. Users, organizations, and developers should all be cautious about the sources they use. You can take steps to protect yourself from harmful applications by:
- Only installing applications from trusted sources.
- Being mindful of permissions requested by apps.
- Keeping software and operating systems up to date.
- Staying cautious about phishing attempts by verifying the authenticity of any sender that invites you to download and install applications.
- Avoiding any suspicious links.
Following these steps can help in protecting your computer from malicious or vulnerable software.
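For the "trusted sources" and "keep software up to date" items, one concrete check a practitioner can add is verifying a downloaded installer against the SHA-256 hash the publisher lists next to the download. The block below is an added example, not part of this article or of any product it mentions; the manifest, file name and file contents are constructed for the example. Keep in mind the caveat the CCleaner case illustrates: a hash or code signature only proves the file is the one the publisher released. The backdoored CCleaner build was released through the official channel and carried a valid signature, so this check alone would not have caught it; what it does catch is a download that was swapped or corrupted in transit or on a mirror.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large installers do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_manifest(text: str) -> dict[str, str]:
    """Parse 'HASH  filename' lines in sha256sum format; blanks and # comments are skipped."""
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, filename = line.partition(" ")
        filename = filename.strip().lstrip("*")  # sha256sum marks binary mode with '*'
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed digest in manifest line: {line!r}")
        expected[filename] = digest.lower()
    return expected


def verify_download(path: str, manifest_text: str) -> bool:
    """True only if the file's SHA-256 matches the manifest entry for its basename."""
    name = os.path.basename(path)
    expected = parse_checksum_manifest(manifest_text)
    if name not in expected:
        raise KeyError(f"{name} is not listed in the checksum manifest")
    # compare_digest avoids timing differences; here it mainly documents intent.
    return hmac.compare_digest(sha256_of_file(path), expected[name])


# Constructed manifest for the example. The digest is SHA-256 of b"hello\n",
# standing in for the value a publisher would post next to the download.
MANIFEST = """# SHA256SUMS (constructed for this example)
5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03  installer.bin
"""


def demo() -> dict:
    tmp = tempfile.mkdtemp(prefix="download_check_")
    genuine = os.path.join(tmp, "installer.bin")
    with open(genuine, "wb") as f:
        f.write(b"hello\n")
    results = {"genuine": verify_download(genuine, MANIFEST)}

    # Same file name, one byte changed: what a swapped or corrupted download looks like.
    mirror = os.path.join(tmp, "mirror")
    os.mkdir(mirror)
    tampered = os.path.join(mirror, "installer.bin")
    with open(tampered, "wb") as f:
        f.write(b"hellp\n")
    results["tampered"] = verify_download(tampered, MANIFEST)

    # A file the publisher never listed cannot be "verified" and must be refused.
    try:
        verify_download(os.path.join(tmp, "other.bin"), MANIFEST)
        results["unlisted_raises"] = False
    except KeyError:
        results["unlisted_raises"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The manifest parser accepts the `HASH  name` and `HASH *name` forms that `sha256sum` and most vendor download pages use, and rejects anything that is not a 64-digit hex string so a truncated or mangled published hash cannot silently match.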
Need to report an IT security event or incident?
To report, please submit a ticket here: Report an IT Security Incident, or call the IT Service Desk at (585) 395-5151 Option 1.
References
Kernel Definition (linfo.org)
Reducing overprivileged permissions and apps | Microsoft Learn
Piriform CCleaner threat information and recommendations (trendmicro.com)
What is Privilege Escalation? - CrowdStrike
NVD - CVE-2021-40709 (nist.gov)
NVD - CVE-2018-20250 (nist.gov)