As we know, the popularity of streaming sites is growing day by day. Streaming sites got a major boost when almost all major torrent site went down the previous year. Undoubtedly, torrent downloading is not safe, but, this doesn’t restrict users from downloading pirated files.
Using BitTorrent? Hackers Can Control Your PC Remotely
As we know, people download torrent files using a BitTorrent client. It goes without saying that, BitTorrent is one of the popular torrent clients which is used by many users online. Recently, Google’s Project Zero Team found a critical vulnerability in BitTorrent App.
According to the reports from Ars Technica, Hackers can exploit this vulnerability to execute malicious code on user’s computer. The previous week, Google’s Project Zero team shared the proof-of-concept attack code.
Google’s Project Zero team usually forbears itself from making the details of any existing vulnerability to the public for 90 days. However, in this case, the vulnerability was made public within 40 days. This is because the report also contained a patch, but Transmission developers haven’t responded on their private security mailing list.
First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability Transmission, resulting in arbitrary remote code execution. https://t.co/kAv9eWfXlG
— Tavis Ormandy (@taviso) January 11, 2019
So, after the public release, the downstream projects using the Transmission project would be able to apply the patch. Well, the flaw found on BitTorrent app uses domain name system rebinding to control the Transmission interface whenever victim visits a malicious website.
Hackers after gaining control over the Transmission interface just needs to change the torrent download directory to home and download a torrent file named .bashrc. With this hacker can configure Transmission to run any command after the download has completed.
It’s worth to note that the Transmission developers have also claimed to release the fix as soon as possible. However, the developer team hasn’t shared any specific date.
So, to be on the safe side, you must minimize the use of torrent sites until the fix is being released. What’s your take on this? Discuss with us in the comments.