Beware, Popcorn Time users: hackers can control your PC
It has been almost a year and a half since Popcorn Time burst onto the scene in 2014, and it is still one of the most popular file-sharing applications available.
A huge number of people use different variations of the Netflix-style app every day. Popcorn Time's success has also made it a target for anti-piracy organizations.
But today the software finds itself under attack of a different kind. Antonios Chariton, otherwise known as 'DaKnOb', describes himself as a Security Engineer & Researcher.
Chariton tells TorrentFreak that he has found a few genuine security vulnerabilities in at least one fork of Popcorn Time.
The researcher says that the issues start with a genuinely clever technique that Popcorn Time uses to sidestep ISP-level blocking in the UK.
Because it uses Cloudflare infrastructure for part of its setup, it is hard to block Popcorn Time by DNS without also blocking the Cloudflare site.
However, this is where the problems start. Chariton explains, “First of all, the request to Cloudflare is initiated over plain HTTP. That means both the request and the response can be changed by someone with a Man In The Middle position (Local Attacker, Network Administrator, ISP, Government, etc.).” He also added, “The second mistake is that there is no input sanitization whatsoever. That means, there are no checks in place to ensure the validity of the data received. The third mistake is that they make the previous two mistakes in a NodeJS application.”
That’s obviously a pretty serious issue, but Chariton does have some advice for the developers.
“HTTP is insecure. There’s nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don’t run inside a web browser. Second, sanitize your input. Even if you receive something over TLS v1.2 using a Client Certificate, it still isn’t secure! Always perform client-side checks of the server response.”
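Chariton's two recommendations can be sketched in Node.js as follows. This is an added example, not code from Popcorn Time or from Chariton; the response shape `{ movies: [{ title, year, poster }] }`, the function names and the sample data are assumptions made for illustration.

```javascript
// Added example; not Popcorn Time's code. The response shape
// { movies: [{ title, year, poster }] } is an assumption for illustration.

// Refuse any URL that is not HTTPS, so nothing travels in the clear.
function requireHttps(rawUrl) {
  const url = new URL(rawUrl); // throws on malformed input
  if (url.protocol !== 'https:') throw new Error('not HTTPS: ' + url.protocol);
  return url.href;
}

// Escape text before the UI places it into HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Validate one entry: exact types, bounded sizes, HTTPS-only poster URL.
function validateMovie(entry) {
  if (typeof entry !== 'object' || entry === null) throw new Error('entry is not an object');
  const { title, year, poster } = entry;
  if (typeof title !== 'string' || title.length < 1 || title.length > 200) throw new Error('bad title');
  if (!Number.isInteger(year) || year < 1888 || year > 2100) throw new Error('bad year');
  if (typeof poster !== 'string') throw new Error('bad poster');
  return { title: escapeHtml(title), year, poster: requireHttps(poster) };
}

// Parse a response body; keep entries that validate, record why others failed.
function parseMovieList(body) {
  let data;
  try { data = JSON.parse(body); } catch (e) { throw new Error('response is not JSON'); }
  if (data === null || typeof data !== 'object' || !Array.isArray(data.movies)) {
    throw new Error('missing movies array');
  }
  const accepted = [];
  const rejected = [];
  for (const entry of data.movies) {
    try { accepted.push(validateMovie(entry)); } catch (e) { rejected.push(e.message); }
  }
  return { accepted, rejected };
}

// Constructed sample response (not captured traffic).
const sampleBody = JSON.stringify({ movies: [
  { title: 'Example Film', year: 2014, poster: 'https://img.example.invalid/1.jpg' },
  { title: '<b>Bold</b> & "quoted"', year: 2015, poster: 'https://img.example.invalid/2.jpg' },
  { title: 'Wrong type', year: '2014', poster: 'https://img.example.invalid/3.jpg' },
  { title: 'Plain HTTP', year: 2014, poster: 'http://img.example.invalid/4.jpg' },
]});
console.log(parseMovieList(sampleBody));
```

The checks run on the client regardless of how the response arrived, which matches the point that TLS alone does not make the received data trustworthy.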
Chariton has definitely raised an important issue here. The possible implications of this situation are still under discussion.
Popcorn Time responded to these allegations in a blog post and said that users should not worry about this issue.