Data can be wiped with antivirus software

  • Web Desk

  • Cybersecurity researcher says that antivirus software can be hacked to delete data.
  • Vulnerability affects products from vendors such as Microsoft, SentinelOne, TrendMicro, Avast, and AVG.
  • Or Yair says vulnerability can be used to help with a number of cyberattacks called “Wipers”.

A top cybersecurity researcher has said that many popular pieces of antivirus software like Microsoft, SentinelOne, TrendMicro, Avast, and AVG can be used to delete data.

In a document called “Aikido,” Or Yair, who works for the cybersecurity company SafeBreach, explained how the exploit works by using what is called a “time-of-check to time-of-use” (TOCTOU) vulnerability.

Aikido is a Japanese style of martial arts that is known for trying to use the opponent’s own movement and force against them.

Yair says that the vulnerability can be used to help with a number of cyberattacks called “Wipers,” which are often used in offensive war situations.

In cybersecurity, a wiper is a type of malware that deletes data and programmes from the hard drive of the computer it infects.

The slide deck says that the exploit changes the “superpower” of endpoint detection software so that it can “delete any file, no matter who owns it.”

As part of the whole process, a malicious file was made in “C:\temp\Windows\System32\drivers\ndis.sys.”

After that, you hold its handle and tell the “AV/EDR to put off the deletion until the next reboot.”

After this, the “C:\temp directory” is deleted and a “junction in C:\temp –> C:\” is made. The machine is then rebooted.
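The check-then-delete gap described above, and one way a deletion routine can close it, as an added example that is not from the article or the SafeBreach slides. It uses a POSIX symlink inside a temporary directory as a stand-in for the NTFS junction; the function names and the `sysroot` directory are assumptions made for illustration.

```python
import os
import shutil
import tempfile

SUB = os.path.join("Windows", "System32", "drivers")  # layout named in the article
TARGET = os.path.join("temp", SUB, "ndis.sys")        # path flagged at time of check

def naive_delete(root, relpath):
    """Path-based delete at time of use: follows whatever the path points to now."""
    os.remove(os.path.join(root, relpath))

def safe_delete(root, relpath):
    """Walk down from a trusted root and refuse any component that is a link."""
    parts = relpath.split(os.sep)
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            # O_NOFOLLOW makes the open fail if this component was swapped for a link.
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nxt
        os.unlink(parts[-1], dir_fd=fd)  # delete relative to the verified directory
        return True
    except OSError:
        return False
    finally:
        os.close(fd)

def make_tree(base, name, content):
    d = os.path.join(base, name, SUB)
    os.makedirs(d)
    with open(os.path.join(d, "ndis.sys"), "w") as f:
        f.write(content)
    return os.path.join(d, "ndis.sys")

def demo(delete):
    """Constructed scenario; returns True if the protected file survived."""
    base = tempfile.mkdtemp()
    try:
        protected = make_tree(base, "sysroot", "real driver")  # stands in for C:\
        make_tree(base, "temp", "decoy")                       # stands in for C:\temp
        # Between check and use the directory is replaced by a link (junction stand-in).
        shutil.rmtree(os.path.join(base, "temp"))
        os.symlink(os.path.join(base, "sysroot"), os.path.join(base, "temp"))
        delete(base, TARGET)
        return os.path.exists(protected)
    finally:
        shutil.rmtree(base)
```

`demo(naive_delete)` shows the redirected delete removing the protected file, while `demo(safe_delete)` shows the link-aware walk refusing it.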

Yair says that only about 50% of the most well-known antivirus brands were affected.

A slide deck made by the researcher says that the vulnerability affected Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus.

Some products, like Palo Alto XDR, Cylance, CrowdStrike, McAfee, and BitDefender, were lucky enough not to be affected.
