Would banning Russia from getting software updates facilitate piracy?



The Ukrainian government has asked the US government to take several retaliatory actions against the Russian government for invading its neighboring country on Thursday, including cutting off US software updates.

In a list of “suggested actions” sent to President Joe Biden’s administration, Volodymyr Zelenskyy’s government called for “a ban on the supply of any goods, including hardware and software,” as well as a “prohibition on the supply of any goods and technologies, including software used in sectors of the Russian aviation industry, incl. in civil aviation” and “a ban on US companies from supplying and updating software in the interests of Russian consumers.”

The list was first reported by Reuters journalist Raphael Satter, who later wrote in an article that the list was distributed to US officials.

The White House and Treasury Department did not immediately respond to a request for comment.

“We are not talking about the allegedly leaked documents,” a State Department spokesperson said in an email to Motherboard. “The President will speak today to present additional elements of our response.”

The ban on software updates, in particular, has caught the attention of cybersecurity experts. One of the most basic tips for consumers and businesses is to ensure that all software is updated to the latest version, so that known vulnerabilities are patched. If Russia were prevented from updating software, it would, in theory, make unpatched systems easier to hack.

Dmitri Alperovitch, a cybersecurity veteran and president of the Silverado Policy Accelerator, told Motherboard in an online chat that such a ban “is just going to push them even further into open source [software].” The country has tried to switch to using more open source software since 2010, with the government committing to removing Microsoft services in 2016.

Joe Slowik, head of threat intelligence and detections for cybersecurity firm Gigamon, told Motherboard in an online chat that the ban could be enforced, but it could affect the operations of companies in Russia, such as Microsoft, which has an office in Moscow.

“I think the hardware cutoff (aircraft components, etc.) is much more realistic than the software side of things given the long tail in areas like smaller vendors and companies that have operations outside of the US,” he added.

Dr Lukasz Olejnik, an independent cybersecurity researcher and consultant, said cutting off Russia from software updates is “a fairly new idea, with potential long-term consequences. Russia has long been developing its cyber-sovereignty with this particular risk in mind.”

The potential impact of such a ban is unclear, but it could be significant.

“Notably, this would leave many consumer devices open to cyberattacks, because of course blocking updates would also block security patches,” Olejnik told Motherboard in an email. “That would cause infrastructure problems.”

Alan Woodward, professor of cybersecurity at the University of Surrey, said such a ban would be “more of a statement than a practical implication”.

“Over time, of course, this means that Russian-based software deviates from the mainstream. Of course, this might have little long-term impact if updates are allowed to resume later,” he added in an online chat. “If we completely isolate Russia technically, they could theoretically go it alone, but my experience during [the Cold War] was that their technology, even when it was a direct copy of Western technologies, wasn’t that great.”
