Anti-virus vendors typically use sandboxes to isolate malware that is detected by their scanning engines. But what happens if the sandbox is leaky?
That's precisely the scenario that SafeBreach co-founder and CTO Itzik Kotler and Vice President of Security Research Amit Klein detailed in a session at the Black Hat USA conference last week.
The SafeBreach duo explained how they were able to create a malicious file to trick the anti-virus engine into running the code in a supposedly isolated sandbox. As it turns out, the sandbox was leaky and the researchers were able to get information out.
Kotler and Klein provided an overview of the method in a press conference at the event.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.