HomeWinBuzzer NewsKaspersky Injected a Unique ID in Every Webpage That Let Third-Parties Track...

Kaspersky Injected a Unique ID in Every Webpage That Let Third-Parties Track Users

Since 2015, Kaspersky has been injecting a unique identifier into every webpage a user visits, which can then be read by the webpage to track them across the internet.

-

According to a new report, Kaspersky anti-virus has been injecting unique tracking ID into its user's webpages since 2015. The discovery, made by c't reporter Ronald Eikenberg, involves the injection of JavaScript directly into the HTML code of a browser for each website.

's main.js script is designed to display green checkmarks if it thinks the link leads to a clean website. However, its injection into the local HTML source code of users could have opened them to tracking. As scripts on a third-party website can access the complete HTML source at any point, they could have also accessed Kaspersky's unique tracking ID.

As a result, it would be trivial for companies with multiple sites to track users across the web. As it was present on every browser, they could do so across multiple applications and even if cookies were deleted. Even incognito mode would not be enough to stop the tracking.

Assumedly, those using a VPN would also be able to be identified. Visting a website with the IP address of a VPN provider, followed by a true IP address, would link the two via the Kaspersky ID. Thankfully, the behavior was not present in the Tor browser.

Whether or not any websites made use of this flaw is unknown. Kaspersky was quick to fix the issue once prompted but played down the chance of exploitation.

“Such an attack is too complex and not profitable for cybercriminals, and therefore unlikely to happen,” it told Eikenberg.

Its June solution, Patch F, changes the ID to match only to the user's specific Kaspersky edition. This is less privacy intrusive but could give hackers valuable information about whether a user's protection is outdated.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News