By Lynn Palec, | January 15, 2016
Google engineers are known to tinker with software developed by others. The latest discovery was a security loophole hidden deep in the codes of Trend Micro, a popular antivirus scanner.
Google engineer Tavis Ormandy discovered the security loophole. The vulnerability opens up a lot of security risk for users that rely on the Trend Micro antivirus in securing their computers.
Like Us on Facebook
The vulnerability was pointed to Trend Micro's Password Manager. The loophole is a feature, which is automatically installed along with main antivirus scanner on machines running on the Windows platform. Based on Ormandy's report, malicious hackers can execute commands and launch unwanted programs remotely on affected PCs. The Google engineer added that passwords stored in the Password Manager can be accessed with relative ease.
According to CDA News, Ormandy is also responsible for the discovery of AVG's Chrome security add-on vulnerability.
Ormandy said that Trend Micro is using an old API that relies on an "ancient" build of Chromium, the engine behind the Google Chrome browser. The most recent version of Chromium is version 49. However, Trend Micro used version 41 which was released way back in January 2015.
In a test made by Ormandy, he was able to run a local program but he added that using the same method that he used, attackers can launch remote attacks to unknowing users.
In a statement acquired by Engadget, Ormandy said, "I don't even know what to say - how could you enable this thing 'by default' on all your customer machines without getting an audit from a competent security consultant."
The discovery of the security vulnerability on Trend Micro's antivirus program highlights a worrying trend among software vendors. Tech analysts assess that users install programs like Trend Micro in order to protect their system against malicious attackers and it is ironic that these software actually put users' sensitive information at risk. The worst part of the security loophole is that users may never know in the first place that their computer was attacked.
Trend Micro said that it working with Ormandy in order to resolve the issue. The company commended Ormandy for his work on their software and promised to release a patch in order to secure the perceived vulnerability.
-
Use of Coronavirus Pandemic Drones Raises Privacy Concerns: Drones Spread Fear, Local Officials Say
-
Coronavirus Hampers The Delivery Of Lockheed Martin F-35 Stealth Fighters For 2020
-
Instagram Speeds Up Plans to Add Account Memorialization Feature Due to COVID-19 Deaths
-
NASA: Perseverance Plans to Bring 'Mars Rock' to Earth in 2031
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
COVID-19: Doctors, Nurses Use Virtual Reality to Learn New Skills in Treating Coronavirus Patients