Popcorn Time, A Piracy App, Is Vulnerable To Hack Attacks

Posted: Aug 5 2015, 11:23am CDT | by Ahmed Humayun, in Technology News


This story may contain affiliate links.


Beware, Popcorn Time users: hackers can control your PC

It has been almost a year and a half since Popcorn Time burst onto the scene in 2014. It remains one of the most popular file-sharing applications available.

A huge number of people use different variants of the Netflix-style app every day. Popcorn Time's success has also made it a target for anti-piracy organizations.

But today the software finds itself under attack of a different kind. Antonios Chariton, otherwise known as 'DaKnOb', describes himself as a Security Engineer & Researcher.

Chariton tells TorrentFreak that he has found a few serious security vulnerabilities in at least one fork of Popcorn Time.

The researcher says that the issues start with a genuinely clever technique that Popcorn Time uses to sidestep ISP-level blocking in the UK.

Because it uses Cloudflare infrastructure for part of its setup, it is hard to block Popcorn Time by DNS without also blocking the Cloudflare site.

However, this is where the problems start. Chariton explains, “First of all, the request to Cloudflare is initiated over plain HTTP. That means both the request and the response can be changed by someone with a Man In The Middle position (Local Attacker, Network Administrator, ISP, Government, etc.).” He also added, “The second mistake is that there is no input sanitization whatsoever. That means, there are no checks in place to ensure the validity of the data received. The third mistake is that they make the previous two mistakes in a NodeJS application.”

That’s obviously a pretty serious issue, but Chariton does have some advice for the developers.

“HTTP is insecure. There’s nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don’t run inside a web browser. Second, sanitize your input. Even if you receive something over TLS v1.2 using a Client Certificate, it still isn’t secure! Always perform client-side checks of the server response”.
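The two fixes Chariton recommends, sketched for a Node.js client as an added example that is not Popcorn Time's code: the endpoint is refused unless it is HTTPS, and the response is checked field by field before use. The field names (`title`, `infoHash`), the size limits and the `.invalid` host are assumptions made for illustration.

```javascript
'use strict';
// Added example. Field names and limits are assumptions, not Popcorn Time's real schema.
const MAX_ITEMS = 200;
const MAX_TITLE = 200;
const INFO_HASH = /^[0-9a-f]{40}$/i; // 160-bit torrent info hash as hex

// Refuse any endpoint that is not HTTPS, so a request never leaves in clear text.
function requireHttps(endpoint) {
  const url = new URL(endpoint);
  if (url.protocol !== 'https:') {
    throw new Error(`refusing non-HTTPS endpoint: ${url.protocol}//${url.host}`);
  }
  return url;
}

// Encode text for insertion into HTML, so server-supplied strings stay inert in the UI.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse a response body and return only the fields that passed every check.
// Unknown fields are dropped; a malformed entry rejects the whole response.
function validateCatalog(body) {
  let data;
  try { data = JSON.parse(body); } catch { throw new Error('response is not valid JSON'); }
  if (!Array.isArray(data) || data.length > MAX_ITEMS) {
    throw new Error('response must be an array of bounded size');
  }
  return data.map((item, i) => {
    if (item === null || typeof item !== 'object') throw new Error(`item ${i}: not an object`);
    const { title, infoHash } = item;
    if (typeof title !== 'string' || title.length === 0 || title.length > MAX_TITLE) {
      throw new Error(`item ${i}: bad title`);
    }
    if (typeof infoHash !== 'string' || !INFO_HASH.test(infoHash)) {
      throw new Error(`item ${i}: bad infoHash`);
    }
    return { title, titleHtml: escapeHtml(title), infoHash: infoHash.toLowerCase() };
  });
}

// Constructed sample response: a title carrying markup and one unexpected extra field.
const SAMPLE = JSON.stringify([
  { title: '<b>Big Buck Bunny</b>', infoHash: 'AB'.repeat(20), extra: 'ignored' },
]);
console.log(requireHttps('https://api.example.invalid/list').host, validateCatalog(SAMPLE));
```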

Chariton has definitely raised an important issue here. The full implications of this situation are still under discussion.

Popcorn Time responded to these allegations in a blog post and said that users should not worry about this issue.

The Author

Ahmed Humayun
Ahmed Humayun is a technology journalist bringing you the hottest tech stories of the day.



