{"id":1371,"date":"2017-01-10T11:04:05","date_gmt":"2017-01-10T11:04:05","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=1371"},"modified":"2020-08-18T23:16:54","modified_gmt":"2020-08-18T17:46:54","slug":"vulnerability-detected-kaspersky-tls-interception-tool","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/","title":{"rendered":"Serious Vulnerability Detected in Kaspersky\u2019s TLS Interception Tool"},"content":{"rendered":"<p>A serious security vulnerability has been detected in Kaspersky&#8217;s TLS Interception Tool. It was found by Google&#8217;s Project Zero security researcher Tavis Ormandy, and it is a rather puzzling one. The vulnerability lies in Kaspersky\u2019s interception of HTTPS traffic with its own certificate in order to scan for web threats.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3099\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/vulnerability.jpg\" alt=\"vulnerability\" width=\"650\" height=\"300\" srcset=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/vulnerability.jpg 650w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/vulnerability-300x138.jpg 300w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/vulnerability-225x104.jpg 225w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<p><strong>Explaining the vulnerability<\/strong><\/p>\n<p>Tavis Ormandy explains that Kaspersky antivirus installs its own root certificate on a computer, and does so in a manner that is not well protected. It then replaces the certificates of all visited websites with leaf certificates that it generates itself. This is the generally expected behavior for web scanning tools. 
The Google Information Security Engineer discovered that Kaspersky was re-using 32-bit keys for its leaf certificates. This makes it easy for an outside attacker to brute-force a collision, which would help the attacker intercept the traffic of multiple websites as and when Kaspersky users access them. The result would be that users would either be unable to connect to the websites, or else their connections to the websites would become unencrypted HTTP connections, thereby helping hackers intercept connections and communications. All this because of this particular bug!<\/p>\n<p>Tavis Ormandy explains how the attack happens:<\/p>\n<p>&#8220;The attack goes like this:<\/p>\n<p>Mallory wants to intercept mail.google.com traffic, for which the 32bit key is 0xdeadbeef.<br \/>\nMallory sends you the real leaf certificate for mail.google.com, which Kaspersky validates and then generates its own certificate and key for.<br \/>\nOn the next connection, Mallory sends you a colliding valid certificate with key 0xdeadbeef, for any commonName (let&#8217;s say attacker.com)<br \/>\nNow Mallory redirects DNS for mail.google.com to attacker.com, Kaspersky starts using their cached certificate and the attacker has complete control of mail.google.com.&#8221;<\/p>\n<p>He adds: &#8220;It seems incredible that Kaspersky haven&#8217;t noticed that they sometimes get certificate errors for mismatching commonNames just by random chance. When they get those errors, it&#8217;s only because an active attacker didn&#8217;t fixup DNS responses that they&#8217;re not giving remote websites access to other domain owners.&#8221;<\/p>\n<p>Ormandy, however, says that since Google uses QUIC, its new open source encrypted transport protocol, for its own services, Kaspersky is not able to decrypt connections to Google services in Chrome, but with Firefox and other <a href=\"https:\/\/icedragon.comodo.com\/\" target=\"_blank\" rel=\"noopener\">internet browsers<\/a>, this is not the case. 
There it can be decrypted.<\/p>\n<p>Anyhow, the vulnerability was reported to Kaspersky and it has been fixed as well.<\/p>\n<p>The bottom line of the discussion on this particular vulnerability is that though it&#8217;s always good to have an <strong>antivirus software<\/strong> installed on the system, it&#8217;s also good to go for specialized anti-exploit tools and technologies like sandboxing and other virtualization technologies. <em>PC protection<\/em> is always of critical importance, hence it has to be understood that while an <a title=\"\u201dBest\" href=\"https:\/\/antivirus.comodo.com\" target=\"_blank\" rel=\"noopener\">antivirus program<\/a> protects us from malware in certain ways, there are instances when we need to do more for PC protection.<\/p>\n
","protected":false},"excerpt":{"rendered":"<p>A serious security vulnerability has been detected in Kaspersky&#8217;s TLS Interception Tool. It&#8217;s Google&#8217;s Project Zero security researcher, Tavis Ormandy, who has found this rather puzzling vulnerability. This vulnerability issue that Tavis Ormandy has detected lies with Kaspersky\u2019s interception of HTTPS traffic with its own certificate in order to scan for web threats. Explaining the [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1463,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9,12,91],"class_list":["post-1371","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-safety","tag-antivirus","tag-antivirus-software","tag-pc-protection"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Serious Vulnerability Detected in Kaspersky TLS Interception Tool<\/title>\n<meta name=\"description\" content=\"Google&#039;s Project Zero security researcher, Tavis Ormandy detects a serious security vulnerability in Kaspersky&#039;s TLS Interception Tool. 
Stay protected now\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Serious Vulnerability Detected in Kaspersky TLS Interception Tool\" \/>\n<meta property=\"og:description\" content=\"Google&#039;s Project Zero security researcher, Tavis Ormandy detects a serious security vulnerability in Kaspersky&#039;s TLS Interception Tool. Stay protected now\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-10T11:04:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-18T17:46:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"650\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/\",\"name\":\"Serious Vulnerability Detected in Kaspersky TLS Interception Tool\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg\",\"datePublished\":\"2017-01-10T11:04:05+00:00\",\"dateModified\":\"2020-08-18T17:46:54+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"Google's Project Zero security researcher, Tavis Ormandy detects a serious security vulnerability in Kaspersky's TLS Interception Tool. 
Stay protected now\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg\",\"width\":650,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Serious Vulnerability Detected in Kaspersky\u2019s TLS Interception Tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software 
Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Serious Vulnerability Detected in Kaspersky TLS Interception Tool","description":"Google's Project Zero security researcher, Tavis Ormandy detects a serious security vulnerability in Kaspersky's TLS Interception Tool. Stay protected now","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/","og_locale":"en_US","og_type":"article","og_title":"Serious Vulnerability Detected in Kaspersky TLS Interception Tool","og_description":"Google's Project Zero security researcher, Tavis Ormandy detects a serious security vulnerability in Kaspersky's TLS Interception Tool. 
Stay protected now","og_url":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2017-01-10T11:04:05+00:00","article_modified_time":"2020-08-18T17:46:54+00:00","og_image":[{"width":650,"height":300,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg","type":"image\/jpeg"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/","url":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/","name":"Serious Vulnerability Detected in Kaspersky TLS Interception Tool","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg","datePublished":"2017-01-10T11:04:05+00:00","dateModified":"2020-08-18T17:46:54+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"Google's Project Zero security researcher, Tavis Ormandy detects a serious security vulnerability in Kaspersky's TLS Interception Tool. 
Stay protected now","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/01\/RF-10296_4-1.jpg","width":650,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/vulnerability-detected-kaspersky-tls-interception-tool\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Serious Vulnerability Detected in Kaspersky\u2019s TLS Interception Tool"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software 
Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=1371"}],"version-history":[{"count":22,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1371\/revisions"}],"predecessor-version":[{"id":15027,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1371\/revisions\/15027"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/1463"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=1371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antiv
irus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=1371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=1371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}