BlackBerry Cylance has highlighted protective measures to safeguard partners and customers from a CylanceProtect bypass disclosed by researchers on July 18.
According to BlackBerry Cylance, the issue has been resolved for cloud-based scoring and a new agent will be rolled out to endpoints in the next few days.
BlackBerry Cylance’s response to the vulnerability is three-fold:
First, we have added anti-tampering controls to the parser in order to detect feature manipulation and prevent them from impacting the model score.
Second, we have strengthened the model itself to detect when certain features become proportionally overweight.
Lastly, we have removed the features in the model that were most susceptible to tampering.
Security researchers in Australia tricked BlackBerry’s AI-based Cylance Protect into failing to detect dangerous forms of malware.
Using a “global bypass method”, involving simply taking strings from a non-malicious file and appending them to a malicious one, researchers at Skylight Cyber were able to get the system to identify malware as “goodware”.
“AI applications in security are clear and potentially useful. However AI-based products offer a new and unique attack surface,”
The company commented on the security researchers report stating:
We appreciate the efforts of security researchers who responsibly disclose vulnerabilities and move the industry forward. BlackBerry Cylance takes all vulnerabilities seriously and encourages researchers to engage with us directly.
Our unwavering commitment to our customers drives us to work tirelessly to remediate any and all vulnerabilities in BlackBerry Cylance products.