Antivirus solutions are one of the basic protection tools for computer users; however, this software is not safe from flaws that alter the security and privacy environment. Recently, IT system audit specialists reported a new vulnerability in the antivirus software of the Russian firm Kaspersky Lab that leaked some details about preferences and customs in the users’ web browser.
For years, the antivirus of this firm injected
an identifier into the HTML of the web pages visited by the user, allowing the
sites to know which browser was being used and know if the private mode was
enabled, it is even feared that the identifier has been leaking the browsing history
of those affected.
IT system audit expert Ronald Eikenberg
discovered that this identifier, known as Kaspersky JavaScript, was injected
into every page he visited, regardless of whether he was using Chrome, Edge,
Firefox or any other browser. “This information may be used to track
visitors to any website for marketing purposes, primarily”, the expert
mentions.
Apparently this practice began at the end of
2015 and stopped a few weeks ago, meaning that for almost four years all
Kaspersky Lab anti malware
products leaked out these details about browser use. “Kaspersky helped
create a gigantic tracking mechanism that can’t even be bypassed using the browser’s
private mode,” says Eikenberg.
The security firm released an update last June,
plus an alert for all its users; this behavior was reported as security vulnerability,
assigning it the key CVE-2019-8286. Unfortunately this is not the only method
used by websites to track their visitors. Although the most common forms of
tracking are the use of IP addresses or cookies, the drivers of these web pages
also use browser extensions or configuration modifications for these
activities.
However, the IT system audit expert states that
injecting a user ID into each website is an unnecessary feature in antivirus
solutions, as well as being a violation of users’ privacy. In addition, there
is the possibility that Kaspersky is not the only antivirus company that
performs this practice, either carelessly or intentionally.
In this regard, Kaspersky published a statement
mentioning that its web page verification process for suspicious activity has
been updated. “Thanks to an internal investigation we conclude that these
privacy flaws are in fact possible, although their occurrence in real-world
scenarios is highly unlikely, as their exploitation requires complex hacking
techniques and is not a profitable activity for the threat actors. We will keep
working to provide our users with a better service,” the statement
says.
IT system audit experts from the International
Institute of Cyber Security (IICS) believe that antivirus manufacturers should
pay more attention to potential leaks of sensitive information that could
result from use of these products, as a tool used for antimalware protection
should not compromise users’ privacy.
