Google’s Project Zero has found that it was previously trivial to create an SSL certificate collision thanks to Kaspersky using only the first 32 bits of an MD5 hash in its SSL proxy packaged with its Anti-Virus product.
“You don’t have to be a cryptographer to understand a 32-bit key is not enough to prevent brute-forcing a collision in seconds,” Tavis Ormandy of Project Zero said in its issue tracker.
According to Ormandy, Kaspersky uses a Windows Filtering Platform driver to intercept all outgoing secure HTTP connections from a client, and inject itself between the browser and website.
“They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on the fly. This is why if you examine a certificate when using Kaspersky Anti-Virus, the issuer appears to be ‘Kaspersky Anti-Virus Personal Root’,” he said.
“It seems incredible that Kaspersky haven’t noticed that they sometimes get certificate errors for mismatching commonNames just by random chance. When they get those errors, it’s only because an active attacker didn’t fix up DNS responses that they’re not giving remote websites access to other domain owners.”
After Ormandy reported the bug and received acknowledgement from Kaspersky on November 1, despite learning the security vendor was doing some commonName checks, the bug was still able to be exploited.
“If you’re not being attacked, you would see random errors. A MITM [man in the middle] can send you packets from where you were expecting,” Ormandy said on Twitter.
Ormandy also found another bug on November 12 that allowed any unprivileged user to become a local certificate authority.
Kaspersky fixed both bugs on December 28.
In May last year, the Project Zero security researcher discovered that Symantec Antivirus Engine was vulnerable to buffer overflow when parsing malformed portable-executable header files that resulted in instant blue-screening and kernel memory corruption without user action on Windows.
“This is about as bad as it can possibly get,” Ormandy said at the time. “This is a remote code execution vulnerability. Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.”