

Although the usefulness of security tools such as Antivirus, VPN and EDR is now indisputable in business circles, these solutions often need a lot of privileges and permissions to work properly, which also makes them an excellent target for an attacker. The presence of a bug in one of these types of solutions could allow malware to elevate its privileges and cause more damage to the organization. Recent research at SCRT has been greatly motivated by the paradoxical idea of attacking security solutions. Could these solutions that are supposed to protect the system and block attackers be abused by an attacker to gain even more privileges on the system? While doing some research on the subject, I discovered the awesome work already initiated by several security researchers in 2020. We can cite, for example, the blog posts from CyberArk Labs on common security bugs in Desktop Antivirus products, or the Orange Tsai research on SSL VPN providers.

Among the various articles, I did not find any mention of mobile antivirus applications.
