This Makes No Technical Sense

Online Security Reading Time: 2 minutes

Recently, it was reported by Google Security that there might be a small local vulnerability in Comodo GeekBuddy that allowed a local attacker to gain another locally logged-on user’s privilege. Here is the link from Google’s Project 0. https://code.google.com/p/google-security-research/issues/detail?id=703

The minor potential vulnerability was fixed and addressed back on February 10, prior to it being made public by Google Security.

Remote security

Unfortunately, in some posts and reports, it has been erroneously stated that an attacker could somehow gain access to a user’s PC through Comodo GeekBuddy and a logged in user.

We spoke with Comodo Senior Vice President of Engineering Egemen Tas on this issue.

“This makes no technical sense. It is not reasonable to expect a remote attacker to connect to your PC with GeekBuddy. First and foremost, GeekBuddy does NOT open any ports and does not accept any incoming connections. Only Comodo technical support, during specific support sessions, can connect and this connection is established through Comodo relay servers, not from a local network or from the internet.”

Mr. Tas continued:

“Second, the vulnerability reported has nothing to do with accessing a VNC server remotely, but using a VNC server to obtain another user’s privilege level — if you have access to the same PC and know the details of the password generation algorithm.”

“Third, the issue cannot be exploited remotely. The attacker has to gain local access to the PC first in order to try and do anything – and the password would need to be predictable only by skilled attackers”

“And lastly, the minor vulnerability has been fixed and addressed back on February 10.”

In summary – all software goes through patch and fixes and this minor issue has already been fixed in GeekBuddy 4.25.380415.167(released on February 10th) and shared with customers.

At Comodo, we always strive to protect our users, and to assist you here are some frequently asked questions on the issue. Customers can feel free to contact GeekBuddy directly at livepcsupport@comodo.com or 866-272-9804.

What is the issue?
GeekBuddy uses a modified version of VNC to allow Comodo technicians remote access the PCs during support sessions. In order to use VNC, a local user needs to have a password. In GeekBuddy we automatically generate the password per computer to prevent any local user access to this service.

Which GeekBuddy or CIS versions are affected?
The reported issue does not affect Comodo Internet Security (CIS). It is specifically related to GeekBuddy versions prior to Build 167. We released the hotfix on the 10th of February.

Does GeekBuddy allow remote access by anyone?
No. GeekBuddy is used for remote technical support by Comodo engineers only. It is not technically possible for anyone to connect to your PC. It does NOT open any ports at all. This issue does not allow any remote attacker to obtain any privileges. It requires local access and specific conditions.

Related Resource:

TEST YOUR EMAIL SECURITY GET YOUR INSTANT SECURITY SCORECARD FOR FREE Source: https://blog.comodo.com/comodo-news/geekbuddy-vulnerability-makes-no-technical-sense/

Generative Data Intelligence

A studio helmed by StarCraft 2’s multiplayer lead wants to create an RTS ‘paradigm shift’ with its unannounced game

No Rest for the Wicked isn’t a Diablo, but it might be one of the smartest soulslikes I’ve played in a long time

Latest Intelligence

Moment Factory Harnesses Sphere’s Next-Generation Technologies to Reimagine Concert Experience

Introducing automatic training for solutions in Amazon Personalize | Amazon Web Services

Save 20% On No Rest For The Wicked, And Get A Free Game For A Limited Time

Pokémon Go Bellsprout Community Day guide

Bandai Namco April 2024 Switch eShop sale: lowest prices ever for Digimon World: Next Order, We Love Katamari, more

Asus Customizable Xbox Controller Drops To Lowest Price Yet At Amazon

Chat with us