A hacker was able to take complete control of a computer that was running the 'Netflix for pirates'
Screenshot
Using a series of techniques, Chariton wrote that he demonstrated how "someone can get complete control of a computer assuming they have a Man In The Middle position in the network."
A 'man-in-the-middle' attack is when a hacker intercepts a data request between two machines. It is then able to swap the intended data for something malicious. So, if an attacker is able to execute one of these intercepting attacks, he or she can wreak havoc on the computer running Popcorn Time.
The attack is based on the clever way Popcorn Time avoids being banned by internet service providers (ISPs). The application is able to connect directly to the CloudFlare network. This, put in the simplest of terms, means that if an ISP wants to block the Popcorn Time program it would have to ban the entire CloudFlare website and not just the pirated content program. This is a smart way to avoid widespread ISP blocks.
The problem, however, is that the connection to CloudFlare is made over the HTTP protocol, and it's been shown that HTTP is just not secure.
Chariton didn't mince his words: "HTTP is insecure. There's nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don't run inside a web browser."
Because of HTTP's vulnerability, Chariton wrote that he was able to inject malicious code into a victim computer using Popcorn Time.
Popcorn Time penned a blog post responding to these claims. It assured users that they "don't need to worry." For one, man-in-the-middle attacks are "very unlikely," and require a hacker gaining access into a victim's personal network.
The site does admit that there are some security issues to be dealt with. It says it will release a fix to these shortly, but adds that what Chariton brought to light isn't as dire as it may seem.
- A centenarian who starts her day with gentle exercise and loves walks shares 5 longevity tips, including staying single
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
- Having an regional accent can be bad for your interviews, especially an Indian one: study
- Dirty laundry? Major clothing companies like Zara and H&M under scrutiny for allegedly fuelling deforestation in Brazil
- 5 Best places to visit near Darjeeling
- Climate change could become main driver of biodiversity decline by mid-century: Study
- RBI initiates transition plan: Small finance banks to ascend to universal banking status