Malicious updates - are they really a thing?
Is there evidence of this, and if yes, on which platforms? Windows? iOS? Others?
Thanks
This is a vague question. Are you talking about OS updates or general software updates? What do you consider a “malicious” update? Malicious could mean anything from adding a ton of trackers to adding an RCE.
I am talking mainly about OS updates from the government. If I use a proprietary OS, mobile or PC, can the government make a malicious update to spy on me directly?
Do you mean you’re using apps that are made by the government or the entire OS?
You’re still not clear enough with how and what you mean.
But either way, I think the answer is yes - it’s possible. The real question is how likely or not it is. And that depends on the government and the suspected software in question.
A supply chain attack can be behind a malicious update. It has caused havoc before: The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
OK, I will give an example as narrow as possible. Let’s say I use Windows 11 PRO edition. Can Microsoft issue an update at the direct order of the government to insert spyware on my installation?
I don’t see how they can specifically target your specific computers because updates like this are not for one but for all.
Perhaps they can make it so that when your logged-in account on your computer requests an update, it gets a special update with malware instead from the servers. But I really doubt the logistical feasibility of this.
I’m pretty sure, anyone worried or targeted like this will be targeted in a more sophisticated manner and it’s always mobile for most cases as it’s where you have more sensitive information for the most part.
… is right, and it happens in China.
The CCP requires smartphone companies to put national monitoring software in the OS.
China and similar problematic nation states are always exceptions. I did not mean to include China with what I said.
If they know your IP? Probably. That’s one of the things Whonix’s Tor updates aim to prevent. Features, Advantages, Use Cases - Whonix, although I heard that TCP/IP stack fingerprinting could theoretically overcome this.
Has it happened before in reality? I never heard of such a thing personally, and I doubt it’s something most people have to worry about.
Yes.
The SolarWinds Hack of 2019 pushed updates tainted with exploit code. These update/executable files were signed by the official key so you were technically getting it from the “correct” source.