The importance of signing updates

There is a widely used exploit called Evilgrade, which "upgrades" the installed package to malware:http://krebsonsecurity.com/2010/11/evilgrade-gets-an-upgrade/"Among the software products that Amato says EvilGrade can compromise are iTunes, Java, Skype, Winamp even security applications like Superantispyware, Sunbelt, and Panda Antirootkit (a longer list of vulnerable apps is available in the documentation)."

I see wyUpdate has update signing built in:http://wyday.com/wybuild/help/update-signing.php

My question is: is wyUpdate vulnerable to this sort of exploit?

Andrew

Hey Andrew,

My question is: is wyUpdate vulnerable to this sort of exploit?

No, wyUpdate is not vulnerable to this sort of exploit. Update signing is cryptographically secure (it uses 2048-bit asymmetric cryptography). This means that if you use update signing (which is on by default) and you don't share your wyBuild project (it contains the signing key), then you are completely safe.

The reason such high profile products are so easily exploited is that these companies aren't in the business of updating. They don't live and breath updates and patches. We do.

Thanks for the quick and accurate reply!

On further reading, it seems like the exploit is related to fake update sites - they seem to attack the network and DNS, they claim even Microsoft updates are vulnerable.

Its probably worth hosting updates on a secure server and sending the updates over https or ftps over an SSL protected link.

Update signing protects against spoofing DNS. Here's what happens if a hacker tries to spoof your update site:

wyUpdate downloads the update, it tries to verify the update, it fails the verification step. So, worst case scenario is that your users waste a bit of bandwidth. No malicious updates are ever installed.

Reply
Discard post