{"id":1368,"date":"2021-04-26T10:04:11","date_gmt":"2021-04-26T10:04:11","guid":{"rendered":"https:\/\/website.prod.unilu.spikeseed.cloud\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/"},"modified":"2021-04-26T10:04:11","modified_gmt":"2021-04-26T10:04:11","slug":"researchers-discover-fix-vulnerability-in-antivirus-software","status":"publish","type":"news","link":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/","title":{"rendered":"Researchers Discover &amp; Fix Vulnerability in Antivirus Software"},"content":{"rendered":"<section class=\"wp-block-unilux-blocks-free-section section\"><div class=\"container xl:max-w-screen-xl\"><p>Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.<\/p><p>The flaw would have impacted the world\u2019s leading antivirus software systems and their customers, hadn\u2019t the researchers dutifully and ethically disclosed their findings and helped antivirus companies check and fix the issue, before going public.<\/p><p>The discovery\u2014now a published article issued by the Association for Computing Machinery titled \u201cCut-and-Mouse and Ghost Control: Exploiting Antivirus Software with Synthesised Inputs\u201d\u2014relates to the battlefield between antivirus software developers and malware attackers. Engaged in extremely competitive tit-for-tat battle where future attacks have to be anticipated, it may happen that certain old assumptions, such as \u201cA friend is friend and never a foe\u201d, are never questioned. This, in cybersecurity, is a weakness.<\/p><p>Dr. Ziya Alper Gen\u00e7\u00a0and Prof. <a href=\"https:\/\/wwwfr.uni.lu\/snt\/people\/gabriele_lenzini\" target=\"_self\" title=\"\" rel=\"noopener\">Gabriele Lenzini<\/a>, researchers at the Interdisciplinary Centre for Security, Reliability and Trust (SnT), together with Dr. Daniele Sgandurra, at the time of the discovery a researcher at the <a href=\"https:\/\/www.royalholloway.ac.uk\/\" target=\"_blank\" title=\"\" rel=\"noopener\">Royal Holloway University of London<\/a> and now Technical Director of the Big Data Threat Analysis Team at Huawei Munich Research Center, have found such a security vulnerability.<\/p><p>It all started when the team questioned whether current defense mechanisms trusted by-default all actions coming from a user\u2019s mouse and from a text editor like Notepad. But mouse actions can be simulated, and Notepad can be controlled as a puppet. With the first, they questioned, we could switch off all defenses; we could instruct the second to work as a ransomware. Testing this hypothesis on their computers against 29 leading antivirus (AV) systems, they found that 14 of them could be potentially fooled.<\/p><figure class=\"wp-block-dev4-reusable-blocks-image  object-fit--contain\">\n    \n<img decoding=\"async\" class=\"wp-block-image unilux-custom-image-block\"\n                alt=\"\"\n            src=\"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2023\/07\/snt2.png\"\n                    style=\"object-position: 50.00% 50.00%; font-family: &quot;object-fit: contain; object-position: 50.00% 50.00%;&quot;; aspect-ratio: 4\/3; object-fit: contain; width: 100%;\"\n        loading=\"lazy\"\n\/>            <p class=\"wp-block-dev4-reusable-blocks-image-caption\">\n            Ziya Alper Gen\u00e7 and Gabriele Lenzini        <\/p>\n    <\/figure><p>After discovering the vulnerability over a year ago, Gen\u00e7, Lenzini, and Sgandurra informed the potentially affected software providers, and offered their assistance to resolve the security issue if confirmed and still present. They remained available to all impacted companies throughout their responsible disclosure process, and continued to look for the possible solutions that can be deployed to resolve the security flaw. Out of the 14 vendors contacted, some have immediately released a fix to mitigate the vulnerability, while others acknowledged the issue and had promised to be removing the root cause of the weakness.<\/p><p>\u201cAntivirus software providers always offer high levels of security, and they are essential element in the everyday struggle against criminals. But they are competing with criminals which have now more and more resources, power, and dedication. This is why the role of academic research in vulnerability discovery, if conducted ethically and with high standard of professional conduct, can support security companies to be one step ahead of the criminals\u201d, says Prof. Lenzini.<\/p><p>Gen\u00e7, Lenzini, and Sgandurra\u2019s research approaches cybersecurity from a comprehensive framework, considering the design of systems, the legal basis they use, and crucially, the human element. Considering the perspective of fields beyond computer science allows to identify previously overlooked elements that impact the security and performance of a system.<\/p><p>\u201cThe University and the SnT have always prioritised the importance of interdisciplinary research,\u201d informs Prof. Lenzini. \u201cThis latest discovery emphasises the success of this approach, as the vulnerability was discovered because of truly out-of-the-box thinking for the field of cybersecurity.\u201d<\/p><p>\u201cThe business of security suffers a known curse: that if security works nothing bad happens. So, it is often easy to forget that security defenses must be always on. This is why is important that us researchers remain capable to take nothing for granted, because when security fails it may be too late.\u201d said Dr. Gen\u00e7. \u201cThis research also makes it clear that approaching cybersecurity from a holistic perspective is valuable. In addition, our disclosure and engagement with the impacted companies demonstrates how scientists can tackle these topics with the highest ethical standards.\u201d<\/p>\n<h5 class=\"has-text-align-left wp-block-unilux-blocks-heading\"        id=\"reference-ziya-alper-genc-gabriele-lenzini-and-daniele-sgandurra\"\n    >\nReference: Ziya Alper Gen\u00e7, Gabriele Lenzini, and Daniele Sgandurra.<\/h5>\n<p>2021. Cut-and-Mouse and Ghost Control: Exploiting Antivirus Software with Synthesised Inputs. Digit. Threat.: Res. Pract.2, 1, Article 4 (February 2021), 23 pages. <a href=\"https:\/\/doi.org\/10.1145\/3431286\" target=\"_blank\" title=\"\" rel=\"noopener\">https:\/\/doi.org\/10.1145\/3431286<\/a>)<\/p><\/div><\/section>","protected":false},"excerpt":{"rendered":"<p>Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.<\/p>\n","protected":false},"author":0,"featured_media":0,"template":"","format":"standard","meta":{"featured_image_focal_point":[],"show_featured_caption":false,"ulux_newsletter_groups":"","uluxPostTitle":"","uluxPrePostTitle":"","_trash_the_other_posts":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false},"news-category":[4,3],"news-topic":[],"organisation":[184,226],"authorship":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.3 (Yoast SEO v22.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Researchers Discover &amp; Fix Vulnerability in Antivirus Software - Universit\u00e9 du Luxembourg<\/title>\n<meta name=\"description\" content=\"Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researchers Discover &amp; Fix Vulnerability in Antivirus Software\" \/>\n<meta property=\"og:description\" content=\"Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\" \/>\n<meta property=\"og:site_name\" content=\"UNI FR\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/uni.lu\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2021\/04\/researchers_discover_fix_vulnerability_in_antivirus_software.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"Researchers Discover &amp; Fix Vulnerability in Antivirus Software\",\"datePublished\":\"2021-04-26T10:04:11+00:00\",\"dateModified\":\"2021-04-26T10:04:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\"},\"wordCount\":655,\"publisher\":{\"@id\":\"https:\/\/www.uni.lu\/fr\/#organization\"},\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\",\"url\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\",\"name\":\"Researchers Discover &amp; Fix Vulnerability in Antivirus Software - Universit\u00e9 du Luxembourg\",\"isPartOf\":{\"@id\":\"https:\/\/www.uni.lu\/fr\/#website\"},\"datePublished\":\"2021-04-26T10:04:11+00:00\",\"dateModified\":\"2021-04-26T10:04:11+00:00\",\"description\":\"Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.uni.lu\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"News\",\"item\":\"https:\/\/www.uni.lu\/fr\/news\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Researchers Discover &amp; Fix Vulnerability in Antivirus Software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.uni.lu\/fr\/#website\",\"url\":\"https:\/\/www.uni.lu\/fr\/\",\"name\":\"Uni.lu\",\"description\":\"Universit\u00e9 du Luxembourg\",\"publisher\":{\"@id\":\"https:\/\/www.uni.lu\/fr\/#organization\"},\"alternateName\":\"Universit\u00e9 du Luxembourg\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.uni.lu\/fr\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.uni.lu\/fr\/#organization\",\"name\":\"Universit\u00e9 du Luxembourg\",\"alternateName\":\"Uni.lu\",\"url\":\"https:\/\/www.uni.lu\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.uni.lu\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2026\/03\/03120045\/UNIV_SM-Profile_1600x1600px-scaled.jpg\",\"contentUrl\":\"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2026\/03\/03120045\/UNIV_SM-Profile_1600x1600px-scaled.jpg\",\"width\":2560,\"height\":2560,\"caption\":\"Universit\u00e9 du Luxembourg\"},\"image\":\"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2026\/04\/24120552\/20200609-Belval-Campus_Henri-Goergen-23.jpg\",\"sameAs\":[\"https:\/\/www.facebook.com\/uni.lu\",\"https:\/\/www.linkedin.com\/school\/university-of-luxembourg\/\",\"https:\/\/www.instagram.com\/uni.lu\",\"https:\/\/www.youtube.com\/@uni_lu\",\"https:\/\/en.wikipedia.org\/wiki\/University_of_Luxembourg\"],\"email\":\"communication@uni.lu\",\"telephone\":\"+352 46 66 44 1\",\"address\":{\"@type\":\"PostalAddress\",\"streetAddress\":\"2, place de l\u2019Universit\u00e9\",\"addressLocality\":\"Esch-sur-Alzette\",\"postalCode\":\"4365\",\"addressCountry\":\"LU\"},\"description\":\"Universit\u00e9 du Luxembourg\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Researchers Discover &amp; Fix Vulnerability in Antivirus Software - Universit\u00e9 du Luxembourg","description":"Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/","og_locale":"fr_FR","og_type":"article","og_title":"Researchers Discover &amp; Fix Vulnerability in Antivirus Software","og_description":"Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.","og_url":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/","og_site_name":"UNI FR","article_publisher":"https:\/\/www.facebook.com\/uni.lu","og_image":[{"width":800,"height":600,"url":"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2021\/04\/researchers_discover_fix_vulnerability_in_antivirus_software.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Dur\u00e9e de lecture estim\u00e9e":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/#article","isPartOf":{"@id":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/"},"author":{"name":"","@id":""},"headline":"Researchers Discover &amp; Fix Vulnerability in Antivirus Software","datePublished":"2021-04-26T10:04:11+00:00","dateModified":"2021-04-26T10:04:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/"},"wordCount":655,"publisher":{"@id":"https:\/\/www.uni.lu\/fr\/#organization"},"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/","url":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/","name":"Researchers Discover &amp; Fix Vulnerability in Antivirus Software - Universit\u00e9 du Luxembourg","isPartOf":{"@id":"https:\/\/www.uni.lu\/fr\/#website"},"datePublished":"2021-04-26T10:04:11+00:00","dateModified":"2021-04-26T10:04:11+00:00","description":"Researchers at the University of Luxembourg, in collaboration with Royal Holloway University of London, have found a significant security weakness in popular software applications.","breadcrumb":{"@id":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.uni.lu\/fr\/news\/researchers-discover-fix-vulnerability-in-antivirus-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.uni.lu\/fr\/"},{"@type":"ListItem","position":2,"name":"News","item":"https:\/\/www.uni.lu\/fr\/news\/"},{"@type":"ListItem","position":3,"name":"Researchers Discover &amp; Fix Vulnerability in Antivirus Software"}]},{"@type":"WebSite","@id":"https:\/\/www.uni.lu\/fr\/#website","url":"https:\/\/www.uni.lu\/fr\/","name":"Uni.lu","description":"Universit\u00e9 du Luxembourg","publisher":{"@id":"https:\/\/www.uni.lu\/fr\/#organization"},"alternateName":"Universit\u00e9 du Luxembourg","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.uni.lu\/fr\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.uni.lu\/fr\/#organization","name":"Universit\u00e9 du Luxembourg","alternateName":"Uni.lu","url":"https:\/\/www.uni.lu\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.uni.lu\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2026\/03\/03120045\/UNIV_SM-Profile_1600x1600px-scaled.jpg","contentUrl":"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2026\/03\/03120045\/UNIV_SM-Profile_1600x1600px-scaled.jpg","width":2560,"height":2560,"caption":"Universit\u00e9 du Luxembourg"},"image":"https:\/\/www.uni.lu\/wp-content\/uploads\/sites\/11\/2026\/04\/24120552\/20200609-Belval-Campus_Henri-Goergen-23.jpg","sameAs":["https:\/\/www.facebook.com\/uni.lu","https:\/\/www.linkedin.com\/school\/university-of-luxembourg\/","https:\/\/www.instagram.com\/uni.lu","https:\/\/www.youtube.com\/@uni_lu","https:\/\/en.wikipedia.org\/wiki\/University_of_Luxembourg"],"email":"communication@uni.lu","telephone":"+352 46 66 44 1","address":{"@type":"PostalAddress","streetAddress":"2, place de l\u2019Universit\u00e9","addressLocality":"Esch-sur-Alzette","postalCode":"4365","addressCountry":"LU"},"description":"Universit\u00e9 du Luxembourg"}]}},"blog_id":11,"_links":{"self":[{"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/news\/1368"}],"collection":[{"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/types\/news"}],"version-history":[{"count":0,"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/news\/1368\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/media?parent=1368"}],"wp:term":[{"taxonomy":"news-category","embeddable":true,"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/news-category?post=1368"},{"taxonomy":"news-topic","embeddable":true,"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/news-topic?post=1368"},{"taxonomy":"organisation","embeddable":true,"href":"https:\/\/www.uni.lu\/fr\/wp-json\/wp\/v2\/organisation?post=1368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}