Superfish not the only app using Komodia’s SSL-busting code

As Lenovo backtracked on its initial position that the Superfish adware pre-installed on some of its notebooks is not a security danger, and released a security advisory about the “vulnerability” that allows it to install a self-signed root certificate in the local trusted CA store, Superfish CEO Adi Pinhas did the same.

After first saying that the Superfish software does not present a security risk because it does not “store personal data or share such data with anyone,” Lenovo CTO Peter Hortensius shifted the blame to Israel-based Komodia, whose SSL decryption library was used by the Superfish add-on. Pinhas said that the “vulnerability was introduced unintentionally by a 3rd party.”

US-CERT has issued a security alert warning about the adware, and pointed out that “the underlying SSL decryption library from Komodia has been found to be present on other applications, including KeepMyFamilySecure.”

“In multiple applications implementing Komodia’s libraries, such as Superfish Visual Discovery and KeepMyFamilySecure, the root CA certificates have been found to use trivially obtainable, publicly disclosed, hard-coded private keys. Note that these keys appear to be distinct per application, though the same methods have proven successful in revealing the private keys in each instance,” they explained in a vulnerability note about the Komodia Redirector with SSL Digestor.

“In addition to sharing root CA certificates across installation, it has been reported that the SSL validation that Komodia itself performs is broken. This vulnerability can allow an attacker to universally attack all installations of Komodia Redirector, rather than needing to focus on a single application / certificate.”

Matt Richard, a Threats Researcher on the Facebook Security Team, also shared the results of a project they started with researchers from Carnegie Mellon University to measure how prevalent SSL MITM was in the wild, and has pointed out that there are a dozen other software applications using the Komodia library, and that many of them appear to be suspicious.

“We can’t say for certain what the intentions of these applications are, but none appear to explain why they intercept SSL traffic or what they do with data,” he noted, adding that there is also malware out there using Komodia’s libraries to break SSL encryption.

Antivirus provider Lavasoft has also shared that its Ad-Aware Web Companion software also used to rely on Komodia’s SSL Digestor for inspecting HTTPS traffic, but that it has been removed in the newest version.

Researcher Hanno B?¶ck found Privdog, shipped with software from Comodo, to be worse than Superfish:

“A quick analysis shows that it doesn’t have the same flaw as Superfish, but it has another one which arguably is even bigger. While Superfish used the same certificate and key on all hosts PrivDog recreates a key/cert on every installation. However here comes the big flaw: PrivDog will intercept every certificate and replace it with one signed by its root key. And that means also certificates that weren’t valid in the first place. It will turn your Browser into one that just accepts every HTTPS certificate out there, whether it’s been signed by a certificate authority or not. We’re still trying to figure out the details, but it looks pretty bad.”

Finally, forensic scientist Jonathan Zdziarski has been curious enough to inspect LikeThat, an iOS and Android app made by Superfish, which apparently does quire a bit of application tracking and collecting of picture metadata.

“There’s no telling exactly what Superfish is and isn’t doing with what personal data. I guess the question really is whether or not you trust a company that Homeland Security is now warning you against,” he commented.

Update, 03/18/2015 Researcher Hanno B?¶ck updated his initial blog post to include the following:

The dangerous TLS interception behaviour is part of the latest version of PrivDog 3.0.96.0, which can be downloaded from the PrivDog webpage. Comodo Internet Security bundles an earlier version of PrivDog that works with a browser extension, so it is not directly vulnerable to this threat. According to online sources PrivDog 3.0.96.0 was released in December 2014 and changed the TLS interception technology.

Don't miss