Kaspersky Antivirus Injected Unique ID That Allowed Tracking Its Users Online

A security flaw in Kaspersky antivirus leaves millions of users exposed to online hacking

Security journalist Ronald Eikenberg of the German computer magazine c’t revealed that a flaw in Kaspersky antivirus software allowed third parties to spy on its millions of users for years – even in the browser’s Incognito Mode or when the user switches to a different browser such as Chrome, Firefox, or Edge.

According to an article titled “Kasper-Spy: Kaspersky Anti-Virus puts users at risk,” published in the magazine on Thursday, Kaspersky AV software inserted a Universally Unique Identifier (UUID) into the JavaScript code of every website a user visited, without their consent. The website operator could also view the code and the identifier.

“That’s a remarkably bad idea,” Eikenberg explained. “Other scripts running in the context of the website domain can access the entire HTML source any time, which means they can read the Kaspersky ID. In other words, any website can read the user’s Kaspersky ID and use it for tracking. If the same Universally Unique Identifier comes back or appears on another website of the same operator, they can see that the same computer is being used.”

Eikenberg confirmed that the flaw was found in all versions of Kaspersky antivirus software released after late 2015.

“My inquiries revealed that the leak was introduced with Kaspersky’s ‘2016’ editions, released in the Autumn of 2015. And the UUID wasn’t hidden. If I was able to find it by happenstance, various people, from eager marketers to malicious attackers may have been exploiting it for almost four years,” he added. “Several million users must have been exposed overall.”

According to Eikenberg, the company has been injecting JavaScript code via its various products, including Kaspersky Lab Internet Security and Kaspersky Lab Free Anti-Virus.

Kaspersky, for its part, fixed the flaw this June and issued an advisory regarding the risk a month later. However, the company downplayed the risk posed by the tracking ID, describing it as a minor flaw.

“Kaspersky has modified the method of checking webpages for malicious process by way of disposing of the use of distinctive identifiers for the GET requests. This transformation was once made after Ronald Eikenberg reported to us that the usage of distinctive identifiers for the GET requests can doubtlessly result in the disclosure of a consumer’s non-public knowledge.

“After our inside analysis, we’ve got concluded that such situations of consumer’s privateness compromise are theoretically imaginable however are not likely to be performed in apply, because of their complexity and coffee profitability for cybercriminals. Nonetheless, we’re continuously running on making improvements to our applied sciences and merchandise, leading to a metamorphosis on this procedure.

“We would love to thank Ronald Eikenberg for reporting this to us,” Kaspersky said.

Those who are worried about the security risks can open the settings of the Kaspersky Antivirus software, navigate to Additional/Network, go to Traffic Processing, and uncheck “Inject script into web traffic to interact with web pages” to turn off the JavaScript injection.
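The cross-site reuse Eikenberg describes can be checked from the defender's side, for example after changing the setting above. The added example below (not from the article or from Kaspersky) scans saved page sources for a UUID in `<script src>` URLs that repeats across unrelated sites and is absent from a baseline saved without the product; the host names, UUIDs and function names are constructed for illustration.

```javascript
const UUID_RE = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/gi;
const SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;

// Collect UUID-shaped tokens found in the <script src> URLs of one page.
function uuidsInScriptSrc(html) {
  const found = new Set();
  for (const m of html.matchAll(SCRIPT_SRC_RE)) {
    for (const u of m[1].match(UUID_RE) || []) found.add(u.toLowerCase());
  }
  return found;
}

// captures: [{ site, html }] saved with the security product active.
// baseline: the same sites saved without it (other machine or product off).
// A UUID seen on two or more sites but never in the baseline was added on the
// client, so every script on those pages can read it as a stable identifier.
function findInjectedIds(captures, baseline) {
  const known = new Set();
  for (const { html } of baseline) {
    for (const id of uuidsInScriptSrc(html)) known.add(id);
  }
  const sitesById = new Map();
  for (const { site, html } of captures) {
    for (const id of uuidsInScriptSrc(html)) {
      if (known.has(id)) continue; // shared third-party widget, not injected
      if (!sitesById.has(id)) sitesById.set(id, new Set());
      sitesById.get(id).add(site);
    }
  }
  return [...sitesById]
    .filter(([, sites]) => sites.size >= 2)
    .map(([id, sites]) => ({ id, sites: [...sites].sort() }));
}

// Constructed sample input: placeholder hosts and made-up UUIDs.
const WIDGET = '<script src="https://widgets.example/w/11111111-2222-4333-8444-555555555555.js"></script>';
const INJECTED = '<script type="text/javascript" src="https://injector.example/0F8FAD5B-D9CB-469F-A165-70867728950E/main.js"></script>';
const SAMPLE_BASELINE = [
  { site: 'news.example', html: `<html><head>${WIDGET}</head></html>` },
  { site: 'shop.example', html: `<html><head>${WIDGET}</head></html>` },
];
const SAMPLE_CAPTURES = [
  { site: 'news.example', html: `<html><head>${INJECTED}${WIDGET}</head></html>` },
  { site: 'shop.example', html: `<html><head>${WIDGET}${INJECTED}</head></html>` },
];

console.log(JSON.stringify(findInjectedIds(SAMPLE_CAPTURES, SAMPLE_BASELINE), null, 2));
```

An empty result after the injection setting is turned off (or after updating the product) indicates that no repeating identifier is being added to script URLs any more.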

Kavita Iyer