- A security researcher was able to breach the internal systems of 35 companies, including Apple, Microsoft, Netflix, PayPal, Shopify, Tesla, Yelp, and others, without the victims knowing what had happened.
- Alex Birsan created counterfeit packages and hosted them on public open-source repositories. They carried the same names as private packages created internally at these companies.
- The researcher discovered that apps that needed these dependency packages would download files from the public open-source servers rather than internal ones. That’s how his files ended up on the unsuspecting targets’ internal systems.
A security researcher was able to penetrate the defenses of several high-profile companies and upload files to their servers by taking advantage of a software supply chain issue that could be abused to infect servers without the victims’ knowledge or permission. The list of companies the researcher’s payloads reached includes Apple, Microsoft, Netflix, PayPal, Shopify, Tesla, Yelp, and many other tech companies that may have downloaded his packages.
Alex Birsan exploited a design issue present in several open-source ecosystems, which he informally called “dependency confusion,” explains Bleeping Computer.
Birsan came up with the idea last year when he saw a manifest file from an npm package used internally at PayPal. He discovered that some of the packages listed in that manifest were not present on the public npm registry; they had been created privately at PayPal and were used and stored inside the company.
The researcher then wondered whether fake packages carrying the same names as the private ones, but hosted publicly, could be used to infect servers. He hunted for other private internal package names that did not exist in public open-source repositories and published his own versions under those names on npm, PyPI, and RubyGems. In the packages themselves, he disclosed that they were part of a security research project and that they contained no useful code.
That is when he found that apps resolving their dependencies would prioritize packages hosted on public open-source repositories over the private builds. In some cases the package with the higher version number was chosen no matter where it was hosted. That is how his counterfeit packages reached the servers of various companies. The victims had no idea what was happening, and Birsan did not have to engineer any hack to convince employees to download his packages:
The success rate was simply astonishing.
From one-off mistakes made by developers on their own machines, to misconfigured internal or cloud-based build servers, to systemically vulnerable development pipelines, one thing was clear: squatting valid internal package names was a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds.
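The two resolution rules described above (public registry preferred, or highest version wins regardless of source) and the registry-pinning defense, modelled as an added example. This is not code from the article or from Birsan’s research; the package names, versions and registries are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One published version of a package, as seen by a resolver."""
    name: str
    version: str
    registry: str  # "internal" or "public"


def parse_version(version: str) -> tuple:
    # Plain dotted versions only; enough to compare the constructed samples.
    return tuple(int(part) for part in version.split("."))


def resolve_highest_version(name: str, candidates: list) -> Candidate:
    """Vulnerable rule: the highest version wins, whatever registry it came from."""
    matches = [c for c in candidates if c.name == name]
    if not matches:
        raise LookupError(f"{name}: no candidates")
    return max(matches, key=lambda c: parse_version(c.version))


def resolve_pinned_registry(name: str, candidates: list, internal_names: set) -> Candidate:
    """Hardened rule: names declared internal are only ever taken from the internal registry."""
    allowed = "internal" if name in internal_names else "public"
    matches = [c for c in candidates if c.name == name and c.registry == allowed]
    if not matches:
        raise LookupError(f"{name}: not found in {allowed} registry")
    return max(matches, key=lambda c: parse_version(c.version))


def confusion_risks(internal_names: set, public_index: set) -> list:
    """Audit helper: internal names that also exist on the public registry."""
    return sorted(name for name in internal_names if name in public_index)


# Constructed sample data: one internal name has been squatted publicly with an inflated version.
INTERNAL_NAMES = {"acme-billing-core", "acme-auth-client"}
CANDIDATES = [
    Candidate("acme-billing-core", "1.4.2", "internal"),
    Candidate("acme-billing-core", "99.0.0", "public"),  # squatted name
    Candidate("acme-auth-client", "2.0.1", "internal"),
    Candidate("lodash", "4.17.21", "public"),
]
PUBLIC_INDEX = {c.name for c in CANDIDATES if c.registry == "public"}
```

Running `confusion_risks(INTERNAL_NAMES, PUBLIC_INDEX)` against a real internal manifest and a snapshot of the public index is the quickest way to find names that need to be reserved or pinned.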
Apple confirmed to Birsan that remote code execution on Apple servers would have been possible with the npm package technique, the researcher explained on Medium.
The companies were notified about the research and paid Birsan bug bounties for finding the vulnerability. He earned at least $130,000 in total, including $40,000 from Microsoft and $30,000 from Apple.
Birsan believes that similar attacks are possible in the future. “I believe that finding new and clever ways to leak internal package names will expose even more vulnerable systems, and looking into alternate programming languages and repositories to target will reveal some additional attack surface for dependency confusion bugs,” he concluded.