Security researchers have found a new threat to the way that consumers use websites, but this time it’s from software that is designed to block adverts.
PrivDog worse than Superfish
Apparently, PrivDog compromises a security protocol used on the Internet called Secure Sockets Layer (SSL), which is used to safeguard online transactions. This follows the discovery recently of problems with software known as Superfish which was preinstalled by Lenovo on new PCs.
PrivDog has said its issue may have compromised more than 57,000 users.
“The issue potentially affects a very limited number of websites”, the company said in a statement.
“The potential issue has already been corrected. There will be an update tomorrow, which will automatically update all 57,568 users of these specific PrivDog versions”.
PrivDog is a tool that blocks ads and replaces them with those from trusted sources, but it joins a large group of software that is affected by related security flaws. And industry experts say that since Superfish came to light last week, there have been more than a dozen more examples of similar problems. Superfish was intended to help users find products by analysing images on web pages to find the cheapest ones, but it was compromised by intercepting connections and issuing fake ‘certificates’ which are the IDs that identify websites, which meant sites could hand over data to untrustworthy sources in a ‘man in the middle’ style attack.
Lenovo has now issued a software tool so that users can remove the hidden software, but unfortunately the company faces a lawsuit from users who said it was unlawfully preloaded.
PrivDog has been described by experts as being “worse than Superfish”. The main worry is that it links to security company Comodo which issues a third of secure certificates used on the web. PrivDog was developed with the founder of Comodo, Melih Abdulhayogulu, and some versions of the software come with Comodo’s software.
Comodo apparently told the BBC that the affected versions “had never been distributed” by it.
A discussion that started on the Hacker News forum found that in the process of swapping adverts, PrivDog also left machines vulnerable to attack. In a blogpost, technology journalist Hanno Bock said: “A quick analysis shows that it doesn’t have the same flaw as Superfish, but it has another one which arguably is even bigger.”
“PrivDog is in every sense as malicious as Superfish,” said Simon Crosby of security firm Bromium.
“It intercepts and decrypts supposedly secure communication between the browser and a remote site – such as the user’s bank – ostensibly to insert its own advertising into pages in the browser.
“It is substantially more scary, though, because PrivDog effectively turns your browser into one that just accepts every https certificate out there without checking its validity, increasing vulnerability to phishing attacks, for example.”
Last week, Comodo announced it was the number one digital certificate authority in the world, with its products used by nearly 35% of all websites ending in .com.
“They are one of the leading certificate authorities, and the fact that PrivDog is issuing fake certificates is shocking,” said Marc Rogers, researcher at security firm CloudFlare.
In a blogpost written at the beginning of 2014, Mr Abdulhayogulu said that he had developed PrivDog “with the privacy of the user in mind”.
“Isn’t it great that the company whose DNA is about your security makes more money so that they can continue to innovate and invest in products that make you safer”, he said
Internet security experts have identified a growing list of software that interferes with SSL, and most of the products were developed by security firms, including anti-malware software and tools designed to offer parents more control over their children’s web browsing. All can be traced back to Komodia – technology developed by an Israeli firm, which describes itself as a “SSL hijacker”.