
Venafi at RSA 2016: Breaking Closed Systems with Code-Signing

February 22, 2016 | Gavin Hill

In a growing number of use cases, certificate-based code signing has become more critical for proving to end users that they can trust the source and the integrity of the installed code. Software distribution and updates, mobile apps, container security (like Docker), script execution and even file distribution all need signed code to establish trust. But with stolen or forged code-signing certificates, cybercriminals can hijack the trust granted to signed code and threaten unsuspecting businesses and consumers who expect this code to be safe.

Not all systems are created equal. There are open systems like Mac OS and Windows, for example, that allow end users to trust unknown publishers, and closed systems that do not. One would think that the closed systems are therefore safe, but hackers break them anyway and are able to install malware. When code-signing certificates are misused to give malware code trusted status, security controls blindly trust this dangerous code, endangering consumers and businesses.

How can enterprises effectively use code signing to establish trust and avoid attacks that misuse it? At RSA, we reviewed attacks against several open systems (Windows, Android, Mac OS) and closed systems (iOS, automotive operating systems). We also showed the state of the industry and how organizations are going about protecting code-signing certificates from misuse.

Code signing to establish trust in the code's source and integrity

We also gave advice on how to protect your business, with some proposed steps to mitigate code-signing abuse and a proposal to the industry for how to detect and respond to code-signing misuse quickly and easily.

How do you use code signing in your organization? What use cases would you like to learn more about?
