Skip to main content

Windows Vulnerability Found using vCard Files

By May 1, 2019No Comments5 min read

Among the many operating systems, the technology world has witnessed, Windows and Mac OS have occupied a somewhat special position in the minds of the users and technology enthusiasts. These operating systems are far more user-friendly and easy to work with. When it comes to choosing between a plethora of operating systems in the market, what dominates the users choice is security and privacy.

Security and privacy, especially in the era of competition, just cannot be compromised with. There have been instances of companies hiring hackers and trying other malpractices to use the data of their rival companies. The numerous ways hackers have come up with in recent years to break through the computer security systems to gain unauthorized access to data is a matter of contention.

While people were busy expressing their surprise at the whammy of malware EXE files, run on Mac OS hackers gave a second shock when vCard files tested the vulnerability of Windows operating system.

Security to a computer system and the devices is essential not only to protect the system against unauthorized access but also to protect it against worms, viruses, Trojan horses, etc. which can cause severe damage to a system. One can keep a check on his system through the following ways:

  • Authentication:

It means to keep a check that the user is genuine verifying his identity. This can be done through username and password, fingerprint, etc.

  • One time passwords:

These are an effective method of verification as these particular set of numbers and alphabet can be used only once. These one-time passwords are sent to the user’s email or mobile phone, and he needs to enter the password before logging in.

  • Program threats:

These are the programmes installed on a computer that stores data and sends it to a hacker. Examples are Trojan Horse, trap door, virus, etc.

  • System threats:

It refers to the misuse of services and installs programmes that can cause damage to all the computers connected via a network. Examples are worms, denial of services, port scanning, etc.

The computer security system has been classified in the following ways:

  • Type A:

This ensures the highest level of security and protection of the computer system as it uses the latest technologies and modern methods to keep unauthorized access at bay.

  • Type B:

It provides a lower level of security than type A and a higher level of security than type C. It is of three types- B1, B2, and B3.

  • Type C:

It assures of a moderate level of security and is of two types- C1 and C2.

  • Type D:

It ensures the lowest level of security. MS-DOS Windows 3.1 use this type of security system.

Now that all the aspects of security and protection of a computer system are crystal clear, we need to look forward to the vulnerabilities and the consequences.

The vulnerability of a computer system simply refers to the loopholes in the coding and algorithms of a system.

Vulnerabilities may be of the following form:

  • Bugs
  • Weak passwords
  • Missing data encryption
  • Buffer overflow
  • Path traversal
  • Downloading of codes without an internet security check
  • Use of broken algorithms
  • Missing authorization

The vulnerability of a system can not only affect a particular user but an organization or a nation. It can bring huge economic loss, and a threat to economic, political and military data.

Vulnerabilities can be protected by following these simple steps:

  • Staying on top of bandwidth usage with alerts
  • Blocking users from visiting dangerous and unsafe sites
  • Identifying by scanning regularly.

Talking of the windows vulnerability using vCard files it is important to know about the nuts and bolts of the incidence to prevent any further damage. The damage caused by vCard files in Windows 10 and can allow the hacker to execute code in your system without actually having access. This was reported by a security researcher John Page and reported to the Microsoft Company via Trend Micro’s Zero-day Initiative. In its response, the company has hitherto not claimed to remove the loopholes. The issue has not been registered yet.

The issue was introduced by the vCard files. A vCard which is also known as a VCF (Virtual Contact File) is as the name suggests a contact file(VCF file) which is stored in your system. These are a virtual form of electronic business cards. The Microsoft operating system uses the vCard to store facts figures and information. vCards have particular spaces assigned for each contact and its information. But hackers have found ways to be able to establish a connection between this information and can download and execute various other applications. The hackers get this opportunity when a user clicks on a link set as a trap.

There is also proper evidence available to prove this incidence, but Microsoft is adamant on not accepting the matter and fixing the issue. As stated earlier, if the user clicks on the link, the Windows will run the program without displaying any warning just as if the URL is any other link and not a gateway for the hackers to give him hands on the most precious data of an organization.

A reason why Microsoft continues to disagree with the mishap is to cover for its vulnerable security system which was not able to identify the malicious link and did not provide any warning to the user. The irony lies in the fact that the card is used by Microsoft to give its users a convenient option to store their confidential data, but few patches in the security system led to the data not being confidential anymore.

The problem can be resolved by promoting Windows to come up with a specially designed vCard file that displays a warning in case any malicious program is installed on the system. The hacker would definitely probe the user to click on the hyperlink, but Windows should display a warning message.

  Contact us today to learn about Bleuwire™  services and solutions in how we can help your business.