Antivirus apps are supposed to protect your PC or smartphone against viruses and hackers. However, it has recently been revealed that over 28 popular antivirus apps are vulnerable to common security flaws. Using these apps could place your device and data in danger. Here's what you should know and why you should be worried if you're using one of them.
Here are 28 antivirus apps that are not safe to use due to vulnerabilities
Your favorite antivirus apps, such as Kaspersky, Microsoft and McAfee, to name a few, share one similar flaw. The flaw is derived from the same source code, which hackers can exploit.
RACK911 Labs was the first to discover the vulnerability and has since published their findings to let people know, and to push companies to address the flaws.
RACK911 Labs has created a unique way of using directory junctions on Windows and symlinks on macOS and Linux to turn almost every antivirus product into a self-destructive tool that could leave your operating system compromised or, worse, unusable.
Method of exploitation
Almost all antivirus software works the same way. When an unknown file is saved to the hard drive, the antivirus performs a "real-time scan", either instantly or within a couple of minutes.
If the unknown file is determined to be a threat, the file will automatically be quarantined to a secure location pending further instructions by the user, or may be deleted entirely.
Antivirus software runs in a privileged state. This means that it operates at the highest level of authority within the operating system, and this is where the vulnerability resides.
File operations are almost always performed at the highest level, which opens the door to a wide range of vulnerabilities and various race conditions.
Most antivirus software fails to account for the small window of time between the initial scan that detects the malicious file and the cleanup that takes place right after.
If a person with malicious intent gains access to your computer, he or she can exploit a race condition via a directory junction on Windows or a symlink on Linux and macOS, which leverages the privileged file operations to disable the antivirus software or stop the operating system from working correctly.
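The window between scan and cleanup described above closes when the scanner keeps a handle on the directory and ties its verdict to the file's identity rather than to its path. The code below is an added example for Linux and macOS, not code from RACK911 Labs or any antivirus vendor; the function names, the marker string and the temporary-directory scenario are assumptions made for illustration.

```python
import os, stat, tempfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a real signature

def open_dir(path):
    # O_NOFOLLOW checks the final path component only; on Linux,
    # openat2() with RESOLVE_NO_SYMLINKS would cover the whole path.
    return os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)

def scan(dfd, name):
    """Scan name relative to the held directory fd; return (flagged, identity)."""
    fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dfd)
    try:
        st = os.fstat(fd)
        return MARKER in os.read(fd, 1 << 20), (st.st_dev, st.st_ino)
    finally:
        os.close(fd)

def remove_if_same(dfd, name, identity):
    """Unlink name only if it is still the regular file that was scanned."""
    try:
        st = os.stat(name, dir_fd=dfd, follow_symlinks=False)
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode) or (st.st_dev, st.st_ino) != identity:
        return False
    os.unlink(name, dir_fd=dfd)  # acts inside the held directory only
    return True

def demo():
    """Constructed scenario in a temp dir: the path changes after the scan."""
    with tempfile.TemporaryDirectory() as root:
        watched, keep = os.path.join(root, "watched"), os.path.join(root, "keep")
        for d, data in ((watched, MARKER), (keep, b"important")):
            os.mkdir(d)
            with open(os.path.join(d, "sample.bin"), "wb") as f:
                f.write(data)
        dfd = open_dir(watched)
        flagged, ident = scan(dfd, "sample.bin")
        # Between scan and cleanup, "watched" becomes a symlink to "keep".
        moved = os.path.join(root, "moved")
        os.rename(watched, moved)
        os.symlink(keep, watched)
        removed = remove_if_same(dfd, "sample.bin", ident)
        # The same name reappears as a symlink: the identity check refuses it.
        os.symlink(os.path.join(keep, "sample.bin"), os.path.join(moved, "sample.bin"))
        refused = not remove_if_same(dfd, "sample.bin", ident)
        os.close(dfd)
        return {"flagged": flagged, "removed": removed, "refused": refused,
                "kept": os.path.exists(os.path.join(keep, "sample.bin"))}
```

A cleanup routine that re-resolves the path string at deletion time would have followed the new symlink into `keep`; here the flagged file is removed from the directory that was actually scanned and the unrelated file survives.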
The exploit is easier than you think so be warned
The exploits are simple to carry out. Malware authors will have no problem using this exploit if they want to cause harm to your PC and files. The hardest part will be figuring out when to perform the directory junction or symlink, since timing is everything.
The list of affected antivirus software that have the vulnerability can be seen here at the very bottom of the page.