evil upgrade demoed via wi-fi

This “evilgrade” is definitely not new:

Researchers here tomorrow will demonstrate a way to hijack the application update process via WiFi and replace the updates with malware.

But when the “hypothetical” becomes the easy and pragmatic, the threat is taken more seriously.

The solution is for software companies to digitally sign their updates:

Microsoft apps are immune to the attack because Microsoft digitally signs its application updates, Kotler says. "If [an application developer] distributes a public key and signs every binary with their own private key, it’s safe" from the attack, he says.
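The signing scheme described in the quote above, as an added example that is not part of the original post or the researchers' tool: an update client that installs a download only if it verifies against a vendor public key shipped with the application. Ed25519, the function names and the sample payloads are assumptions made for illustration; the post names no algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature means the download did not verify against the pinned vendor key.
var ErrBadSignature = errors.New("update signature invalid: refusing to install")

// SignUpdate runs on the vendor's build server, the only place the private key lives.
func SignUpdate(priv ed25519.PrivateKey, binary []byte) []byte {
	return ed25519.Sign(priv, binary)
}

// VerifyUpdate runs in the client. pinned is the vendor public key shipped inside the
// installed application, never fetched over the same channel as the update itself.
func VerifyUpdate(pinned ed25519.PublicKey, binary, sig []byte) error {
	if len(pinned) != ed25519.PublicKeySize || !ed25519.Verify(pinned, binary, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo checks three downloads: the genuine update, a binary replaced in transit
// with the original signature attached, and a replacement signed with some other key.
func Demo() (genuine, swapped, resigned error) {
	vendorPub, vendorPriv, err1 := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	update := []byte("constructed sample: app v1.1 binary")
	replaced := []byte("constructed sample: replaced binary")
	sig := SignUpdate(vendorPriv, update)
	genuine = VerifyUpdate(vendorPub, update, sig)
	swapped = VerifyUpdate(vendorPub, replaced, sig)
	resigned = VerifyUpdate(vendorPub, replaced, SignUpdate(otherPriv, replaced))
	return
}

func main() {
	g, s, r := Demo()
	fmt.Println("genuine:", g, "| swapped:", s, "| re-signed:", r)
}
```

The check only helps if it runs before the binary is executed and if the pinned key cannot be replaced by whoever controls the network.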



