By Thomas Claburn
August 4, 2009
The security risks posed by the use of public Wi-Fi networks have been
known for years, but even cautious computer users may be vulnerable to
attack when connected to public Wi-Fi networks as a result of the
widespread insecurity of automated software updates.
In a recent presentation at the DEFCON security conference in Las Vegas,
Radware security researchers Itzik Kotler and Tomer Bitton revealed that
hundreds of popular applications are vulnerable to a man-in-the-middle
attack because they rely on a flawed software update process.
To demonstrate the flaw, Kotler and Bitton have released software called
ippon-mitm that can hijack software update sessions and answer update
queries by returning malware to the requesting computer. Often, a user
will be unaware that an update query has been sent and intercepted and
may continue to enter sensitive information into the compromised
The researchers said that the update mechanisms in Alcohol 120, Adobe
(NSDQ: ADBE) PDF Reader, GOM Player, Hex Workshop, iMesh, and Skype,
among other applications, were vulnerable.
Kotler declined to name the rest of the vulnerable applications, saying
that his company has been in contact with the appropriate vendors to
inform them about the problem. A company spokesperson was not
immediately available to clarify whether any of the vulnerable
applications have been patched since the DEFCON presentation.