Security Products Can Themselves Become Door for Hackers

A study by iViZ Security ( on security products titled “(In)Security in Security Products” finds that many security products are themselves vulnerable to hacking. Of the various categories of security tools, antivirus solutions, firewalls and VPN security tools were found to have maximum number of vulnerabilities.

The study reveals that security product companies do not necessarily produce more secure products. Commenting on the implication of this finding, Bikash Barai, CEO of iViZ said, “With Operating Systems getting more secure, hackers have started looking for alternative routes to inject malicious code. Security products represent a naturally attractive category for hackers to target because of their vulnerabilities and the fact that they are used widely in businesses and homes.”

iViZ Security has discovered several vulnerabilities in leading security products from companies such as Symantec, McAfee, Microsoft, F-Secure and Computer Associates. Notable amongst them was how anti-virus software could itself become a door for a hacker by using “client side” exploitation techniques.

The vulnerability trend in security products is very similar to that of normal products. The detailed report also provides a list of security products with the highest number of vulnerabilities discovered; incidentally, topping the list was Clam AV, followed by Norton Anti-Virus. Cisco tops the list for security companies.

Commenting on vulnerability trends, Jitendra Chauhan, who headed the team that conducted the study, said, “although there is a growing movement to disclose vulnerabilities, many of them still remain a secret. There is an underground business where such vulnerability information is traded for various reasons linked to cyber-warfare or cyber-crimes.”

Download the full report -