
Why is Windows 10 connecting to akamaitechnologies?


Let me first start by saying that this is by no means a definitive or authoritative answer and is more of my theory using the evidence I have found as to the purpose of these connections.

After becoming curious about privacy within Windows 10, I decided to dig a little deeper and analyze the data that was being sent back and forth. Again and again the same address kept popping up: “akamaitechnologies.com”. So I decided to run a few tests within Windows 10 to see what would connect to this address.

First, let's look at the Akamai addresses within Windows 10:

  • Explorer:  a23-3-105-152.deploy.static.akamaitechnologies.com:http
  • Defender:  a23-74-53-51.deploy.static.akamaitechnologies.com:http
  • Edge:  a96-17-8-139.deploy.akamaitechnologies.com:https
  • Edgecp:  a23-74-53-51.deploy.static.akamaitechnologies.com:http
  • Search:  a23-74-48-42.deploy.static.akamaitechnologies.com:https
  • Video:  a104-66-203-26.deploy.static.akamaitechnologies.com:https
  • Search:  a23-74-48-42.deploy.static.akamaitechnologies.com:https
  • Maps:  a23-79-45-83.deploy.static.akamaitechnologies.com:https
  • svchost:  a23-74-72-190.deploy.static.akamaitechnologies.com:https
  • wwahost:  a23-49-136-70.deploy.static.akamaitechnologies.com:https
  • Explorer when Groove Music launches:   a96-17-8-152.deploy.akamaitechnologies.com:http
  • Sports:  a96-17-8-152.deploy.akamaitechnologies.com:http
  • Explorer when Sports Launches:  a96-17-8-147.deploy.akamaitechnologies.com:http

First, there is a consistent pattern of IDENTIFIER-deploy(Dynamic/Static)-static.akamaitechnologies.com. Then what I noticed is that Explorer in particular was working in tandem with some other applications. For example, when Groove Music launches, Explorer then reaches out with the identifier a96-17-8-152. What also happens is that after a “ping” occurs, it does not do it again for some time or until after a reboot.
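As an added example (not part of the original post), the sketch below parses the hostname pattern described above. In Akamai's reverse-DNS names the leading label is the edge server's IPv4 address written with dashes, so decoding it shows which processes reached the same server. The function names are hypothetical; the rows are copied from the list above.

```python
import ipaddress
import re
from collections import defaultdict

# Hostname shape in the list above:
#   a<o1>-<o2>-<o3>-<o4>.deploy[.static].akamaitechnologies.com
# Assumption: the four numbers are the octets of the edge server's IPv4 address.
AKAMAI_PTR = re.compile(
    r"^a(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})"
    r"\.deploy(?:\.static)?\.akamaitechnologies\.com$",
    re.IGNORECASE,
)

def parse_endpoint(endpoint):
    """Return (IPv4Address, service) for 'host:service', or None if it is not an Akamai edge name."""
    host, _, service = endpoint.strip().rpartition(":")
    match = AKAMAI_PTR.match(host)
    if not match:
        return None
    try:
        ip = ipaddress.IPv4Address(".".join(match.groups()))
    except ipaddress.AddressValueError:
        return None  # label looked right but an octet was out of range
    return ip, service

def group_by_edge(rows):
    """Map each edge IP to the set of (process, service) pairs that contacted it."""
    edges = defaultdict(set)
    for process, endpoint in rows:
        parsed = parse_endpoint(endpoint)
        if parsed:
            ip, service = parsed
            edges[ip].add((process, service))
    return dict(edges)

# Rows copied from the list above: (process, remote endpoint).
OBSERVED = [
    ("Defender", "a23-74-53-51.deploy.static.akamaitechnologies.com:http"),
    ("Edgecp", "a23-74-53-51.deploy.static.akamaitechnologies.com:http"),
    ("Edge", "a96-17-8-139.deploy.akamaitechnologies.com:https"),
    ("Explorer when Groove Music launches", "a96-17-8-152.deploy.akamaitechnologies.com:http"),
    ("Sports", "a96-17-8-152.deploy.akamaitechnologies.com:http"),
    ("Explorer when Sports Launches", "a96-17-8-147.deploy.akamaitechnologies.com:http"),
]

if __name__ == "__main__":
    for ip, users in sorted(group_by_edge(OBSERVED).items()):
        print(f"{ip}: " + ", ".join(sorted(f"{p} ({s})" for p, s in users)))
```

Grouping by decoded address makes shared endpoints visible at a glance, for instance Defender and Edgecp both resolving to the same edge server.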

Then I decided to run a few other Microsoft apps, including a couple of Office 2013 apps. What I found is that some of these also reach out to the same akamaitechnologies website. Interestingly, some apps, such as PowerPoint, did not ping out when I opened them after one of the other Microsoft Office apps had performed a ping.

  • Process Explorer:  a23-208-226-214.deploy.static.akamaitechnologies.com:http
  • Autoruns:  a23-59-189-99.deploy.static.akamaitechnologies.com:http
  • Excel:  a23-74-51-36.deploy.static.akamaitechnologies.com:http
  • Word:  a96-17-8-155.deploy.akamaitechnologies.com:http

Things started to become clear at this point as to what Microsoft is using akamaitech for. The apps in particular that I found to be the most enlightening are Autoruns and Process Explorer. These are both very well accepted in the tech community as trusted applications.

What is akamaitechnologies used for with these two apps? From what I can tell so far (I am by no means an expert in traffic analysis), during the check for file signatures Akamai is queried, and as soon as Akamai responds, the apps populate their Verified Signature column. So essentially this is telling me that the signature hashes are being stored out on this website.

[Image: Windows 10 AkamaiTechnologies]

Who is Akamai Technologies?

[Image: Akamai Technologies]

Akamai, from this description, is a “Content Delivery Network”, which in simple terms means they host content and information for companies so that the companies themselves don’t have to serve up the content. Akamai in particular is one of the largest CDNs in the world, with immense server and network power.

So what is Microsoft doing with Akamai? Aren’t they bigger than Akamai?

It does not appear that the Windows 10 rollout is the first time Microsoft has employed Akamai to deliver content. In fact, it looks like many of the most popular Microsoft applications have already been using it for various purposes. Windows 10, however, does seem to have the greatest dependency on Content Delivery Networks. For the rollout itself Microsoft has employed more CDNs than any other service in the history of the internet. In fact, on July 28 Microsoft exceeded 10 Tb/s of total internet traffic with people upgrading at a furious pace. This even broke the previous record set by Apple and arguably could not have been completed without the usage of CDNs, at least not at the rate of demand that was needed.

What information is Microsoft transferring to AkamaiTechnologies?

The answer at this time is, we don’t know exactly what it is transferring. What I found however is that Microsoft is using the Akamai services for almost all updates, software version checks (to know if you need an update), malware scanning (in the cloud), Windows Updates, etc. Where previously many items would be pointed at Microsoft servers directly, they are instead pointing to an Akamai Technologies CDN server. And the more Microsoft services and apps you personally use, the more your machine will communicate with their servers.

What about my Privacy?

That is ultimately THE question, and not just for Windows 10 or even Microsoft products. Virtually any program today has the ability to copy out your personal information and to do virtually anything it wants with it. Microsoft themselves have an in-depth privacy statement which tends to raise more questions than it answers. Ultimately the biggest pain point of Windows 10 so far has been why the privacy toggles in Windows 10 don’t turn off calls out to AkamaiTechnologies or other CDN servers. For the definitive answer regarding all of this we either need to wait for Microsoft to be transparent about it or for a researcher to “crack the code” and find out exactly what is in the data sent and received in these communications. We know it is for the updates, version checks, and malware scans, but what about the rest of the time?

If you are concerned about your privacy and how Microsoft products communicate with servers on the internet, your only real choice is to use a third-party solution to block them. The risk, however, is that you could accidentally compromise your own security by leaving the machine without updates or without malware scans in the cloud (if you use Defender). If you are willing to take those risks, please report back with your results in a couple of months and let us know how things go.

 

