Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday August 20 2019, @01:19PM   Printer-friendly
from the not-the-only-AV-vendor-to-do-this dept.

Submitted via IRC for SoyCow2718

Unique Kaspersky AV User ID Allowed 3rd-Party Web Tracking

Kaspersky antivirus solutions injected in the web pages visited by its users an identification number unique for each system. This started in late 2015 and could be used to track a user's browsing interests.

Versions of the antivirus product, paid and free, up to 2019, displayed this behavior that allows tracking regardless of the web browser used, even when users started private sessions.

Signaled by c't magazine editor Ronald Eikenberg, the problem was that a JavaScript from a Kaspersky server loaded from an address that included a unique ID for every user.

Scripts on a website can read the HTML source and glean the Kaspersky identifier, which Eikenberg determined to remain unchanged on the system.

"In other words, any website can read the user's Kaspersky ID and use it for tracking. If the same Universally Unique Identifier comes back, or appears on another website of the same operator, they can see that the same computer is being used."

The purpose of the script is perfectly legitimate. One of its uses is to warn users which search results are dangerous to follow by applying a corresponding checkmark next to them. Kaspersky is not the only antivirus to do this.

Kaspersky acknowledged the issue and that it could be leveraged by third parties to "potentially compromise user privacy by using unique product id."

The company released a patch in early June. According to an advisory from July 11, an attacker could take advantage of this through a script deployed on a server they control.

Before reporting the problem to Kaspersky, Eikenberg tested the potential of his discovery by spending about half an hour creating a website that automatically copied the visitors' Kaspersky IDs.

Eikenberg argues that if he could find this issue, which is now identified as CVE-2019-8286, it is possible that marketers, malicious actors, and companies specializing in profiling website visitors have discovered this user data leak years ago and exploited it; there is no evidence to support this, though.

Also at ArsTechnica


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday August 20 2019, @01:32PM (5 children)

    by Anonymous Coward on Tuesday August 20 2019, @01:32PM (#882573)

    The story here is that Kaspersky was caught spying on users, even paid users. Even users who may have voted online (in countries, provinces and cantons that allow it).

    This wasn't a "bug". It was a way to track and monetize Kaspersky users' web usage.

    The fact that Kaspersky removed it after getting caught red handed does not absolve them of their actions (which may be illegal in some counties).

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 0, Interesting) by Anonymous Coward on Tuesday August 20 2019, @02:07PM (4 children)

    by Anonymous Coward on Tuesday August 20 2019, @02:07PM (#882587)

    It was all part of Emperor Trump's Get Elected system.

    They haven't actually fixed it, of course, just changed some things to make people believe it's been changed.

    • (Score: -1, Troll) by Anonymous Coward on Tuesday August 20 2019, @04:07PM (2 children)

      by Anonymous Coward on Tuesday August 20 2019, @04:07PM (#882645)

      Maybe you should go outside and get some fresh air. Leave the computer and the crazy behind, and get yourself some sunshine.

      • (Score: 2) by aristarchus on Tuesday August 20 2019, @04:59PM

        by aristarchus (2645) on Tuesday August 20 2019, @04:59PM (#882682) Journal

        Eine viruswarnung erst das virus ist.

      • (Score: 0) by Anonymous Coward on Wednesday August 21 2019, @04:43AM

        by Anonymous Coward on Wednesday August 21 2019, @04:43AM (#882967)

        Says the AC who needs to lighten up.

    • (Score: 0) by Anonymous Coward on Tuesday August 20 2019, @06:47PM

      by Anonymous Coward on Tuesday August 20 2019, @06:47PM (#882721)

      Emperor Putin, remember the point of Trump's presidency is to destabilize the US while extracting money for the super rich and preferential treatment for Russia like lifting sanctions.

      Trump is too much of a baby to handle Emperorship anyway, at most he would be the child emperor while the real hooligans get down to business.