No big deal. You can defeat Kaspersky's ATM antivirus with a really fat executable

Flaws have been found and fixed in Kaspersky Lab's security software for cash machines and other embedded systems. Hackers can exploit the bugs to circumvent anti-malware defenses in ATMs. Although Kaspersky responded promptly to the discovery and developed and released a patch, one wonders how long it will take for the …

  1. Vector

    OK, so if I'm reading this right, it comes down to: You can pwn Kaspersky's AV if you've already pwned the machine?

  2. hellwig

    If it's too hard, why bother?

    When this time interval runs out, the program is started anyway.

    Sounds like someone made a trade-off between user experience and security. Who let the sales people into the meeting on security?

    This is a one-shot attack because the hashing process is not halted, and the system caches signatures. Therefore, the next time that executable is started, Kaspersky's software will be able to immediately realize the file is bad and stop it.

    So, the last thing your application should do is rename and reinstall itself?

    I'm less worried about Kaspersky's ties to the Russian government and more about their QA and verification procedures.

    1. Stevie

      Re: If it's too hard, why bother?

      I used to regularly have to explain the facts of life to database programmers who coded "check error return status and plough on regardless" every furging time.

      Got to the point that when programmers turned up claiming a database issue I would offer to give them ten dollars if that turned out to be the case, and if they agreed to pay me one dollar for every code logic error I could spot in their blither. Not one taker, usually because I'd glance at page one and say "you should know you are already three bux in the hole" or somesuch.

      1. Anonymous C0ward

        Re: If it's too hard, why bother?

        A common offence in our codebase is single CRUD calls inside loops. Hit it with enough linked records and we get locking errors. Which are then not always handled gracefully.

  3. Anonymous Coward

    Security prog borks on large files

    "When this program is started, the system computes its hash and checks this against a list of approved signatures to decide whether to allow or block the execution. With a large file, the process takes longer than the time allotted for verification. When this time interval runs out, the program is started anyway."

    This would never have happened if they used industry standard commercial software from Microsoft.

  4. Flakk

    When this time interval runs out, the program is started anyway.

    I am having a difficult time thinking up a scenario where failing open is a good idea for a banking system. Security is often complex and messy and a big PITA. Sometimes the risk warrants the pain.
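
The timeout behaviour quoted in the comments above, sketched as an added example that is not part of the original thread and is not Kaspersky's code: an allowlist check that hashes a file under a time budget, run once failing open and once failing closed. All names (`check_launch`, `FakeClock`, `run`), the SHA-256 choice, the budget and the sample data are assumptions made for illustration.

```python
import hashlib
import io

ALLOW, BLOCK = "allow", "block"

def check_launch(stream, allowlist, budget, clock, fail_open, chunk_size=4096):
    """Hash `stream` in chunks and decide whether the program may start.

    budget is the verification time limit in seconds; clock is any callable
    returning seconds. fail_open=True models the behaviour quoted in the
    thread (timer expires, program starts); fail_open=False blocks instead.
    """
    start = clock()
    h = hashlib.sha256()
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        h.update(block)
        if clock() - start > budget:
            # No verdict yet: this branch is the whole policy decision.
            return (ALLOW if fail_open else BLOCK), "timeout"
    digest = h.hexdigest()
    return (ALLOW if digest in allowlist else BLOCK), "hash-checked"

class FakeClock:
    """Constructed clock: every call advances time by `step` seconds."""
    def __init__(self, step):
        self.now, self.step = 0.0, step
    def __call__(self):
        self.now += self.step
        return self.now

# Constructed sample data, not real binaries or real signatures.
SMALL = b"approved-tool"
LARGE = b"unapproved" + b"\0" * 1_000_000
ALLOWLIST = {hashlib.sha256(SMALL).hexdigest()}

def run(data, fail_open, budget=1.0):
    return check_launch(io.BytesIO(data), ALLOWLIST, budget, FakeClock(0.01), fail_open)

if __name__ == "__main__":
    for name, data in (("small", SMALL), ("large", LARGE)):
        for fail_open in (True, False):
            print(name, "fail_open" if fail_open else "fail_closed", run(data, fail_open))
```

With the fail-closed policy the only cost of the timeout is that an oversized approved file is refused until it has been hashed within budget or its verdict is cached.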
