Emerging Tech

URI flaws more serious than originally believed


URI flawsAccording to security researchers Billy Rios and Nathan McFeters, the issues involving the URI (Uniform Resource Identifier) protocol handler technology is more widespread and problematic than first thought.

In fact, it can potentially be misused to steal data from a victim's computer.

The URI protocol handler is what Windows uses to launch applications via the browser.

As a direct result of the FireFox and IE debacle last month, security researchers have been scrambling lately to research how malformed URIs could be used to run unauthorized software on a victim's PC. Not going with the crowd, Rios and McFetters decided instead to focus on how attackers could simply misuse the legitimate features of software launched via the URI protocol handler.

They termed this kind of attack as a "functionality based exploitation." Their findings prove to be sobering.

Says McFeters in New URI browser flaws worse than first thought:

It is possible through the URI to actually steal content from the user's machine and upload that content to a remote server of the attacker's choice. This is [done] through functionality that the application supports.

The crux of the issue seems to be that software developers have rushed into incorporating the URI functionality into their applications without properly considering if it is even necessary, much less the possibility of it being used as an attack vector. In many cases, the rationale behind an application even registering a URI with the OS is inexplicable.

The potential complications that could arise are huge, but unfortunately is not something that can be fixed in Windows or Internet Explorer. Mark Griesi, a security program manager with Microsoft, maintains that it's up to the individual software developers whose programs may be misused to fix the problem.

Eric Schultze, chief security architect with Shavlik Technologies LLC, sums up the situation.

It's a hacker's dream and programmer's nightmare. I think over the next six to nine months, hackers are going to find lots of ways to exploit standard applications to do non-standard functions.

Ouch. Perhaps it's time to pick an AV from the various AV software listed in Not all AV tools are created equal: Uproar from AV vendors kicks off round two.

Alternatively, tell us what you think of this impending disaster involving the URI protocol handler.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

2 comments
BALTHOR
BALTHOR

The hacker can enter your computer and slide a virus from the hacker's computer to your computer.Some of these virus then could reside in the CPU or BIOS and on the hard drive or in your RAM where they are tied together to your file.(A file will not delete because it also is in the CPU)The hacker has XP in the CPU and the clock is in the trillions.Your virus scanner would have to detect that---fat chance.For anti virus software the problem there is:"What constitutes a virus"?

paulmah
paulmah

Tell us what you think of this impending disaster involving the URI protocol handler.