Google Engineer Discovers Security Loophole On Trend Micro Antivirus Program

By Lynn Palec, | January 15, 2016

Google

Google

Google engineers are known to tinker with software developed by others. The latest discovery was a security loophole hidden deep in the codes of Trend Micro, a popular antivirus scanner.

Google engineer Tavis Ormandy discovered the security loophole. The vulnerability opens up a lot of security risk for users that rely on the Trend Micro antivirus in securing their computers.

Like Us on Facebook

The vulnerability was pointed to Trend Micro's Password Manager. The loophole is a feature, which is automatically installed along with main antivirus scanner on machines running on the Windows platform. Based on Ormandy's report, malicious hackers can execute commands and launch unwanted programs remotely on affected PCs. The Google engineer added that passwords stored in the Password Manager can be accessed with relative ease.

According to CDA News, Ormandy is also responsible for the discovery of AVG's Chrome security add-on vulnerability.

Ormandy said that Trend Micro is using an old API that relies on an "ancient" build of Chromium, the engine behind the Google Chrome browser. The most recent version of Chromium is version 49. However, Trend Micro used version 41 which was released way back in January 2015.

In a test made by Ormandy, he was able to run a local program but he added that using the same method that he used, attackers can launch remote attacks to unknowing users.

In a statement acquired by Engadget, Ormandy said, "I don't even know what to say - how could you enable this thing 'by default' on all your customer machines without getting an audit from a competent security consultant."

The discovery of the security vulnerability on Trend Micro's antivirus program highlights a worrying trend among software vendors. Tech analysts assess that users install programs like Trend Micro in order to protect their system against malicious attackers and it is ironic that these software actually put users' sensitive information at risk. The worst part of the security loophole is that users may never know in the first place that their computer was attacked.

Trend Micro said that it working with Ormandy in order to resolve the issue. The company commended Ormandy for his work on their software and promised to release a patch in order to secure the perceived vulnerability.

©2024 Telegiz All rights reserved. Do not reproduce without permission
Real Time Analytics