Ad-blocking software is 'worse than Superfish'

Screen grab of PrivDog website Image copyright PrivDog website
Image caption The software was created by the founder of security firm Comodo

Researchers have identified a fresh threat to the way consumers interact with websites, this time from software designed to block advertisements.

PrivDog has been found to compromise a layer of the internet known as Secure Socket Layer (SSL) - used to safeguard online transactions.

It follows the discovery of a similar problem with Superfish, software pre-installed on some Lenovo computers.

PrivDog said that its issue might compromise more than 57,000 users.

"The issue potentially affects a very limited number of websites," the firm said in a statement.

"The potential issue has already been corrected. There will be an update tomorrow, which will automatically update all 57,568 users of these specific PrivDog versions."

PrivDog - a tool designed to block ads and replace them with ones from "trusted sources" - joins a growing list of software affected by related security flaws.

Experts say they have uncovered a further dozen examples since Superfish was brought to the public's attention last week.

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.

But it compromises security by intercepting connections and issuing fake certificates - the ID's used to identify websites - to trick sites into handing over data. This a practice commonly known as a man-in-the-middle attack.

Lenovo has since issued a tool to allow users to remove the hidden software. It now faces legal action from a group of users who say that it acted unlawfully in pre-loading it.


PrivDog, has been described by several experts as being "worse than Superfish".

A particular concern is its links to the security firm Comodo, which issues a third of the secure certificates used on the web.

PrivDog was developed by the founder of Comodo, Melih Abdulhayogulu, and some versions of it are packaged with Comodo's own software.

But Comodo told the BBC that the affected versions "had never been distributed" by it.

A discussion begun on the Hacker News forum first uncovered that in the process of swapping adverts, PrivDog also appeared to leave machines vulnerable to attack.

In a blogpost freelance technology journalist Hanno Boeck explained: "A quick analysis shows that it doesn't have the same flaw as Superfish, but it has another one which arguably is even bigger."

"PrivDog is in every sense as malicious as Superfish," added Simon Crosby, co-founder of security firm Bromium.

"It intercepts and decrypts supposedly secure communication between the browser and a remote site - such as the user's bank - ostensibly to insert its own advertising into pages in the browser.

"It is substantially more scary, though, because PrivDog effectively turns your browser into one that just accepts every https certificate out there without checking its validity, increasing vulnerability to phishing attacks, for example."

User privacy

Last week Comodo announced that it had become the number one digital certificate authority in the world, with its products used by nearly 35% of all websites ending in .com.

"They are one of the leading certificate authorities, and the fact that PrivDog is issuing fake certificates is shocking," said Marc Rogers, principal researcher at security firm CloudFlare.

In a blogpost written at the beginning of 2014, Mr Abdulhayogulu said that he had developed PrivDog "with the privacy of the user in mind".

"Isn't it great that the company whose DNA is about your security makes more money so that they can continue to innovate and invest in products that make you safer," he wrote at the time.

Parental controls

Security experts have identified a growing list of software that appears to interfere with SSL.

Most of the products were developed by security firms, said Mr Rogers.

They include anti-malware software and tools designed to offer parents more control over their children's web browsing.

All can be traced back to Komodia - technology developed by an Israeli firm, which describes itself as a "SSL hijacker".

At the time of writing, Komodia's website was offline. It blamed this on a denial-of-service attack prompted by "recent media attention".

Related Topics

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites