Torrents are used worldwide by a plethora of users, for both legal and illegal activities. They are the most common peer-to-peer mode of file sharing. Even though the popularity of streaming websites is rising at a fast pace, BitTorrent remains a premier source of entertainment content for a large chunk of people using the web. People download content with the help of tons of popular torrent sites (there are some completely legal ones as well) and BitTorrent clients.
But that also means that there is no verification of data being transmitted. According to a recent study by Google’s Project Zero, Transmission, one of the best torrent clients out there, has been reported to be vulnerable to outside attacks.
As reported by ArsTechnica, there is a critical weakness in the Transmission BitTorrent app that allows websites to execute malicious code on some users’ computers. Tavis Ormandy, a researcher working with Google’s Project Zero vulnerability reporting team, stated that there is a Transmission function that allows users to control the BitTorrent app with their Web browser.
According to Project Zero, the client is vulnerable to a DNS rebinding attack that effectively tricks the PC into accepting requests via port 9091 from malicious websites that it would (and should) ordinarily ignore.
By exploiting this flaw, a hacker can carry out all kinds of attacks, including executing malicious code on the user’s computer.
Ormandy states that his exploit works on popular web browsers such as Chrome and Firefox, and is applicable to both Windows and Linux. Other browsers will almost certainly be vulnerable too.
Last week, the Project Zero researchers published the proof-of-concept attack code. It’s worth noting that Project Zero normally refrains from making the details of such flaws public for 90 days or until a fix is released. In this case, however, the flaw was made public only 40 days after the initial report. This happened because the report included a patch to fix the vulnerability, but the Transmission developers didn’t respond on their private security mailing list.
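A defensive illustration of the DNS rebinding problem described above, added here as an example (it is not Transmission's code or the Project Zero patch): after rebinding, the browser still sends the attacker's domain name in the `Host` header, so a browser-controlled local service can refuse any request whose `Host` is not a name it expects. The allowlist, function names and sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical allowlist for a control interface listening on localhost:9091.
ALLOWED_NAMES = {"localhost"}

def split_host(header):
    """Return the lowercased host part of a Host header, or None if malformed."""
    value = header.strip().lower()
    if value.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:9091
        end = value.find("]")
        if end == -1:
            return None
        rest = value[end + 1:]
        if rest and not (rest.startswith(":") and rest[1:].isdigit()):
            return None
        return value[1:end]
    host, sep, port = value.partition(":")
    if sep and not port.isdigit():            # rejects "localhost:9091@x", "a:b:c", "host:"
        return None
    return host.rstrip(".") or None           # tolerate a trailing dot ("localhost.")

def is_host_allowed(header, allowed=ALLOWED_NAMES):
    """True when the Host header is an IP literal or an explicitly allowed name."""
    if not header:
        return False                          # missing Host: refuse
    host = split_host(header)
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True                           # IP literal: no DNS name to rebind
    except ValueError:
        return host in allowed                # DNS name: must be on the allowlist

def handle_request(headers):
    """Return the HTTP status the service would send for these request headers."""
    return 200 if is_host_allowed(headers.get("Host")) else 403

# Constructed sample requests, all arriving on 127.0.0.1:9091.
SAMPLES = [
    {"Host": "localhost:9091"},               # user opened the local UI
    {"Host": "[::1]:9091"},                   # same, via IPv6 loopback
    {"Host": "rebind.attacker.example:9091"}, # name re-pointed at 127.0.0.1
    {},                                       # no Host header at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.get("Host"), "->", handle_request(sample))
```

The rebinding request is refused even though it reaches the loopback address, because the decision is made on the name the browser believes it is talking to rather than on the source or destination IP.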