Researchers Warn that TLS Inspection by Antivirus Programs Exposes Individuals to Attacks

Researchers at leading tech companies and universities have warned that the now-common TLS inspection procedures carried out by antivirus programs compromise the security of individual users.

In a paper, the researchers, who were largely drawn from Google, Mozilla and some leading universities in the United States, state that the manner in which antivirus programs intercept highly secure HTTPS and HTTP connections in order to inspect them jeopardises efforts to enhance cybersecurity for the general public.

‘The so-called TLS Handshake compromises the security of people on the network because it changes the encrypted text of the traffic into plain text, thus making it possible for hackers operating on the network to access the data that a person is sending to a website,’ the researchers state in the paper.

The TLS Handshake is a complex manoeuvre that antivirus programs use to check the security of any connection that a user establishes over a network, in a bid to protect the user from accessing spoofed sites.

The procedure usually involves the antivirus program decrypting the traffic that an individual is sending to a particular website using the HTTPS or the HTTP connection protocol.

The antivirus program momentarily changes the encrypted text to plaintext before encrypting it again.

However, the researchers now point out that this procedure is potentially disastrous to users because many antivirus programs use relatively weak algorithms to encrypt the traffic before allowing the communication between a user and a website to proceed.
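
The weakness described above can be audited by comparing the connection the browser negotiated with the one the inspecting program opened to the website on the user's behalf. The Python below is an added example, not code from the paper or from any antivirus product; the `Leg` record, the function names and the sample connections are constructed for illustration, and only the cipher suite names are standard IANA identifiers.

```python
# Added example: the connection records are constructed, not data from the paper.
from typing import NamedTuple

class Leg(NamedTuple):
    protocol: str  # negotiated protocol version
    cipher: str    # negotiated cipher suite (IANA name)

PROTOCOL_RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
WEAK_TOKENS = ("NULL", "EXPORT", "RC4", "DES", "3DES", "MD5")

def has_forward_secrecy(cipher: str) -> bool:
    tokens = cipher.split("_")
    # TLS 1.3 suite names carry no key exchange part ("WITH" is absent)
    # because every TLS 1.3 key exchange is ephemeral.
    return "WITH" not in tokens or "ECDHE" in tokens or "DHE" in tokens

def weak_primitives(cipher: str) -> list:
    tokens = cipher.split("_")
    return [t for t in WEAK_TOKENS if t in tokens]

def audit_interception(browser_leg: Leg, upstream_leg: Leg) -> list:
    """Findings where the re-encrypted (upstream) leg is weaker than the browser's."""
    findings = []
    if PROTOCOL_RANK[upstream_leg.protocol] < PROTOCOL_RANK[browser_leg.protocol]:
        findings.append(
            f"protocol-downgrade:{browser_leg.protocol}->{upstream_leg.protocol}")
    findings += [f"weak-primitive:{t}" for t in weak_primitives(upstream_leg.cipher)]
    if has_forward_secrecy(browser_leg.cipher) and not has_forward_secrecy(upstream_leg.cipher):
        findings.append("forward-secrecy-lost")
    return findings

# Constructed sample: what the browser negotiated with the inspecting program,
# and two possible connections the program then opened to the website.
BROWSER = Leg("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
UPSTREAM_WEAK = Leg("TLSv1.0", "TLS_RSA_WITH_RC4_128_MD5")
UPSTREAM_OK = Leg("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")

if __name__ == "__main__":
    for name, leg in (("weak", UPSTREAM_WEAK), ("ok", UPSTREAM_OK)):
        print(name, audit_interception(BROWSER, leg) or "no findings")
```

The user's browser only sees the first leg, so a padlock there says nothing about the parameters of the second.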

The researchers also say that it is easy for hackers to grab the information that exists in plain text during the handshake process.

These findings come at a time when leading players are pushing hard for the adoption of the HTTPS protocol for every website. The HTTPS protocol is a secured communication channel that makes it almost impossible for hackers to access the traffic that a person exchanges with a website.

Currently, all websites that allow visitors to carry out financial transactions use the HTTPS protocol.

The researchers point out that incidents of antivirus programs intercepting HTTPS-based traffic and exposing users to many types of cyber attacks have been on the rise in the recent past.

According to the findings of the research, 97% of the TLS Handshakes that occurred on the Mozilla Firefox browser over the recent past exposed users to risks. The researchers also point out that 32% of the HTTPS-based connections used for transactions on e-commerce sites in the recent past compromised the security of users.