A hacker was able to take complete control of a computer that was running the 'Netflix for pirates'
Screenshot
Using a series of techniques, Chariton wrote that he demonstrated how "someone can get complete control of a computer assuming they have a Man In The Middle position in the network."
A 'man-in-the-middle' attack is when a hacker intercepts a data request between two machines. It is then able to swap the intended data for something malicious. So, if an attacker is able to execute one of these intercepting attacks, he or she can wreak havoc on the computer running Popcorn Time.
The attack is based on the clever way Popcorn Time avoids being banned by internet service providers (ISPs). The application is able to connect directly to the CloudFlare network. This, put in the simplest of terms, means that if an ISP wants to block the Popcorn Time program it would have to ban the entire CloudFlare website and not just the pirated content program. This is a smart way to avoid widespread ISP blocks.
The problem, however, is that the connection to CloudFlare is made over the HTTP protocol, and it's been shown that HTTP is just not secure.
Chariton didn't mince his words: "HTTP is insecure. There's nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don't run inside a web browser."
Because of HTTP's vulnerability, Chariton wrote that he was able to inject malicious code into a victim computer using Popcorn Time.
Popcorn Time penned a blog post responding to these claims. It assured users that they "don't need to worry." For one, man-in-the-middle attacks are "very unlikely," and require a hacker gaining access into a victim's personal network.
The site does admit that there are some security issues to be dealt with. It says it will release a fix to these shortly, but adds that what Chariton brought to light isn't as dire as it may seem.
- Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
- In second consecutive week of decline, forex kitty drops $2.28 bn to $640.33 bn
- SBI Life Q4 profit rises 4% to ₹811 crore
- IMD predicts severe heatwave conditions over East, South Peninsular India for next five days
- COVID lockdown-related school disruptions will continue to worsen students’ exam results into the 2030s: study
- India legend Yuvraj Singh named ICC Men's T20 World Cup 2024 ambassador