A security researcher at antivirus vendor Kaspersky Lab has discovered a way to remotely take over the computers of hundreds of thousands of American moms using an exploit that he says was provided by the National Security Agency.
The researcher, who goes by the handle of Dr. Alex Kravchuk, said he found the exploit while trying to remotely hijack a computer of a mother who was using a mobile app to share photos of her toddler.
He said that the exploit allows hackers to remotely execute code that allows the attacker to take over a computer, which in turn allows the hacker to access other devices on the network, including the mother’s smartphone, computer and other connected devices.
“It allows the malicious code to execute and control the victim’s device,” Kravchevchuk said.
“The mother can then be remotely controlled from any IP address or port on her phone or computer, such as her home network.”
Kravchuk said that he first discovered the exploit in February of this year, after receiving an email from the company that sells Kasperski’s antivirus software, which has been widely used to protect the computers and networks of millions of Americans.
Kaspersky said that Kravchuk was the first to report the exploit, but he added that he and his colleagues were not aware that the attack was being used to exploit American mothers.
Kravchchuk said the exploit was only deployed on some of the devices he has tested, but Kasperska has said it did not make any claims of responsibility.
Kovacs report came on the heels of a report by the Washington Post earlier this month that the NSA used a vulnerability in Apple’s mobile operating system, iOS, to secretly tap into the encrypted communications of US citizens in order to remotely access their devices.
Krivchik told the Post that he discovered the vulnerability after trying to use his own phone as a means of remotely hacking a computer on a mother’s computer, but that he did not have a direct link to the NSA.
“I have a lot of questions about this.
I have a hard time believing that they could get it to work on any of their devices, let alone the phones they use,” Krivchk said.
Krovchik said that because the exploit uses the Secure Shell (SSH) protocol, it is possible that a user could log in to a remote host by sending the user’s password to a server.
Kakovchuk said he was able to connect to the mother computer remotely using the exploit.
Kavkchuk said it was unclear whether the exploit had been made public or if it was used by other hackers, but said that it was “highly unlikely” that the vulnerability was used for nefarious purposes.
The NSA has not responded to a request for comment.