• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 27th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

New BitTorrent Flaw Puts Linux & Windows devices at risk of hacking

January 16th, 2018 Waqas Security 0 comments
New BitTorrent Flaw Puts Linux & Windows devices at risk of hacking
Share on FacebookShare on Twitter

Tavis Ormandy, an IT security researcher at Google’s Project Zero has identified a critical flaw in Transmission BitTorrent app that if exploited lets attackers take full control of a targeted computer on Linux or Windows operating system.

Ormandy warned that the flaw (CVE-2018-5702) is present in Transmission Function that allows attackers to control the BitTorrent app through their web browser and other BitTorrent clients can also be their prime target.

The proof of concept published by Ormandy explains that the flaw currently works on computers running Chrome and FireFox browsers on Linux and Windows operating system. However, there are chances that the flaw might also work on other platforms such as macOS browsers if the user has enabled remote access.

Furthermore, the PoC explains, since a number of users use this function without any password, an attacker can compromise a device using domain name system (DNS) rebinding method and take control of it remotely. This explains that those who do not use this feature with a password are the prime targets of this flaw.

Moreover, the flaw allows attackers to change the download directory of torrents and use Transmission to run commands once the app finishes downloading. In a Tweet, Ormandy explained that the flaw is the “first of a few remote code execution flaws in various popular torrent clients”.

First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability Transmission, resulting in arbitrary remote code execution. https://t.co/kAv9eWfXlG

— Tavis Ormandy (@taviso) January 11, 2018

No response from Transmission

Google’s Project Zero and Ormandy reported their findings to Transmission on November 30th, 2017  but the company not only ignored the report, it did not bother to reply to Google for more than a month even though Ormandy’ sent his findings with the patch. This forced the researchers to go public with their findings and hopefully Transmission will learn a lesson.

“I’m finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that distributions can apply the patch independently. I suspect they won’t reply, but let’s see,” Ormandy said.

If you download Torrents your device can be vulnerable to this attack, therefore, be vigilant and disable remote access feature for now. Technical details on the flaw are available on Github.

Not for the first time

This is not the first time when Transmission is in the news for all the wrong reasons. Previously, the BitTorrent Client was caught dropping Keydnap malware on Mac devices after compromising the company’s website.

Top, featured image via DepositPhotos/Pixinooo

  • Tags
  • BitTorrent
  • DNS
  • Google
  • hacking
  • internet
  • Linux
  • Mac
  • Privacy
  • security
  • Torrent
  • Transmission
  • Windows
Facebook Twitter LinkedIn Pinterest
Previous article Operator of hacked password service Leakedsource.com arrested
Next article BlackWallet hacked: Hackers replace DNS server, steal $400k in Stellar
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
TikTok vulnerability allowed hackers to access users' phone numbers

TikTok vulnerability allowed hackers to access users' phone numbers

Watch out as new Android malware spreads through WhatsApp

Watch out as new Android malware spreads through WhatsApp

SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
TikTok vulnerability allowed hackers to access users' phone numbers
Security

TikTok vulnerability allowed hackers to access users' phone numbers

50
Why you should never use free a VPN
Drones

Why you should never use free a VPN

41
Watch out as new Android malware spreads through WhatsApp
Security

Watch out as new Android malware spreads through WhatsApp

347

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us