Silent Updates Proposed for Firefox Are a Bad Security Risk
By John P. Mello Jr.
As a way to speed up the process of updating Firefox, Mozilla engineers are mulling over a silent update feature, which one security expert argues is a bad idea.
Currently, when Firefox detects an available update, it lets you know and if you agree to install it, the browser launches its updater program. That program downloads the update, applies it to Firefox, and restarts the browser. While all that is happening, you’re twiddling your thumbs watching a progress bar on your computer screen.
To skirt the lag time in the current updating process, the Firefox team is considering a “silent” alternative. Instead of performing an update in the foreground, updates would be downloaded in the background and installed on a copy of the browser in a new directory. The first time that you launch Firefox after an update has been completed, your old version of Firefox is swapped out for the new version. “In this scenario, you likely won’t notice that Firefox has applied an update as no UI is shown,” Firefox Engineer Ehsan Akhgari recently wrote in a Mozilla blog.
“Now, the reason that this approach fixes the problem is that swapping the directories, unlike the actual process of applying the update, is really fast,” he added.
Fast But Dangerous?
It may also be really dangerous, according to Philip Lieberman, the founder and president of Lieberman Software, a maker of password management solutions located in Los Angeles.
“While many IT security systems will have to be reconfigured to allow background updates to Firefox–which is not a good thing in the first place–there is danger that hackers could subvert the update system to allow them back-door access to the users’ computer,” Lieberman wrote today in Business Computing World.
Sure, silent updating may be more convenient to consumers, the security expert noted, but it will also invite hacker exploitation of the process. “If, as I think appears quite likely, hackers start reverse engineering the Firefox background updating system–and remember we are talking about open source software here–then it is only a matter of time before they subvert this auto-updating mechanism to inject malware,” he wrote.
Later this week at a conference in India, he continued, it’s expected that the first bootkit for Windows 8, which hasn’t even entered the mainstream yet, will be demonstrated by White Hat hacker Peter Kleissner. “It doesn’t take a programming genius to figure out that– against the backdrop of a Windows 8 bootkit–it shouldn’t be difficult to subvert a background updater for a piece of open source software like Firefox 10,” Lieberman reasoned.
He maintains that access to the updating processes on a computer should be in the hands of people with administrative privileges. That’s true on corporate systems, but it’s also true on consumer systems so that owners can control what a piece of software does to their machines.
The prospect that administrators would have to give up their control of the update process is one that should cause both administrators and consumers to howl. “And for the very good reason that this is a recipe for a hacker security incursion in the background,” Lieberman declared.