Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
In this digital era, the success of almost every marketing, advertising, and analytics company depends on tracking users across the Internet, identifying them and learning their interests in order to serve targeted ads.
Most of these solutions rely on third-party cookies, cookies set on a domain other than the one you are browsing, which allow companies including Google and Facebook to recognize you and track your every move across multiple sites.
However, if you use Kaspersky Antivirus, a vulnerability in the security software exposed a unique identifier associated with you to every website you visited over the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you blocked or promptly erased third-party cookies.
The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivirus software, called Kaspersky URL Advisor, works.
The module inserts an identifier into the HTML of every web page the user visits. Injecting into pages is itself no surprise, as most Internet security solutions work the same way to monitor web pages for malicious content.
“That’s a bad idea because other scripts that run in the context of the website domain can access the HTML code at any time and thus the injected Kaspersky ID. This means in plain language that any website can simply read the Kaspersky ID of the user and misuse it for tracking,” the researcher says.
“The IDs were persistent and did not change after several days. This made it clear that an ID can be permanently assigned to a specific computer.”
“Kaspersky has fixed a security issue (CVE-2019-8286) in its products that could potentially compromise user privacy by using unique product id which was accessible to third parties,” the company says in its advisory.
“This issue was classified as User Data disclosure. The attacker has to prepare and deploy a malicious script on the web servers from where he will track the user.”
However, the Kaspersky URL Advisor feature still lets websites and third-party services find out whether a visitor has Kaspersky software installed, which the researcher believes scammers and cybercriminals could abuse indirectly.
“An attacker could use this information to redistribute a pest tailored to the protection software or redirect it to a suitable scam page, with the slogan: Your Kaspersky license has expired. Please enter your credit card number to renew the subscription,” Eikenberg warned.
Updated versions of the Kaspersky Antivirus, Internet Security, Total Security, Free Antivirus, and Small Office Security products have already been delivered to affected users.
Users who want to disable this behaviour altogether can turn off the URL Advisor feature manually under Settings → Additional → Network by unchecking the traffic processing box, as shown in the screenshot above.