A novel form of software supply chain attack has been uncovered by ethical hacker Alex Birsan, who managed to breach the systems of over 35 major tech companies, including Microsoft, Uber and Tesla, by taking advantage of a concept known as dependency confusion.
The new attack vector is particularly worrying as, unlike traditional typosquatting or brandjacking supply chain attacks, the targeted companies automatically downloaded the malicious packages and the breach did not require social engineering or human error to infiltrate private repositories.
<p>This software supply chain attack, where security researcher Alex Birsan took advantage of a concept known as dependency confusion or namespace confusion within open source ecosystems, was quite simple, yet a clever way to gain access to systems in over 35 tech companies.</p> <p> </p> <p>The ability to do this comes essentially from a design flaw in the way some open source ecosystems like npm work, and subverts a basic pattern in the Java world. In npm there are no checks of namespace or coordinate authenticity, which means anyone can publish a component to npm with any name. Additionally, it is very common in the npm ecosystem to depend on the “latest” version, which means the build tool tries to determine automatically what the latest, or highest version number of a given component is.</p> <p> </p> <p>The important thing to understand here is that the researcher figured out what the internal names of components for these companies were, and published components with the same name to the public npm registry. They used a very large version number, which tricked their tooling to download the “latest” version from outside the organization as opposed to the internal copies they actually wanted. The targeted companies automatically received Birsan’s malicious and counterfeit packages without them making any spelling mistakes, or any social engineering involved, that we see in typical brandjacking or typosquatting.</p> <p> </p> <p>While the attack may feel novel, we have been saying that this could be a possibility for years, because there is no verification of ownership within many of these ecosystems, and its common practice for developers to ask for the LATEST version. </p> <p> </p> <p>There is no easy fix, as this is a design flaw in the very system of these dependency ecosystems. They work like this because it was done to lower the barrier for developers to publish their packages. But, as we can now see, as the ecosystems have matured and are now critical infrastructure for any organization, bad actors are exploiting that ease of access.</p>