BlackBerry Cylance to rush out a fix for anti-virus bypass exploit
But you'll have to wait until next week until it's ready
BlackBerry Cylance has acknowledged the threat posed by an exploit to its anti-virus software, which supposedly uses artificial intelligence (AI) to identify potential threats, and has pledged to rush-out a fix.
However, users will have to wait until next week before the hot-fix is available.
In a statement, the company said: "BlackBerry Cylance is aware that a bypass has been publicly disclosed by security researchers. We have verified there is an issue with CylancePROTECT, which can be leveraged to bypass the anti-malware component of the product.
"Our research and development teams have identified a solution and will release a hotfix automatically to all customers running current versions in the next few days."
The vulnerability was disclosed earlier this week, when researchers in Australia claimed that they had worked out a way to ‘trick' Cylance's scanners into passing-off malware-laden code as safe.
Specialists at Skylight Cyber claim that they were able to get BlackBerry Cylance's PROTECT system to identify malware as "goodware" - a claim that has now been verified and taken on board by BlackBerry.
"AI-based products offer a new and unique attack surface. Namely, if you could truly understand how a certain model works, and the type of features it uses to reach a decision, you would have the potential to fool it consistently, creating a universal bypass," they wrote.
"Combining an analysis of the feature extraction process, its heavy reliance on strings, and its strong bias for this specific game, we are capable of crafting a simple and rather amusing bypass," they added.
Simply by appending a selected list of strings to a malicious file, they could change its score significantly so that it wasn't identified by the software as suspicious. "This method proved successful for 100 per cent of the top 10 Malware for May 2019, and close to 90 per cent for a larger sample of 384 malware."