Skip to main content

uTorrent Security Flaw Gives Hackers Access to Your PC

hacker stealing data clipart

Hackers can use uTorrent’s web and desktop applications to download malicious code onto your PC. This gives them access to your downloaded files and browsing histories.

We all love using uTorrent for downloading tons of media & software files from the internet. Unfortunately, the hazards of using these peer-to-peer downloading apps are unknown to us.

A Google Project Zero researcher Tavis Ormandy has revealed some of the dangers of using these apps. According to Ormandy, those using BitTorrent or uTorrent have serious flaws, making them vulnerable to getting hijacked.

How it Works

The security issue is present in the Windows version of the software, through which hijackers can get access to your personal data. These hackers can resolve web domains while you’re downloading something, in a manner that gives them access to your PC’s internal storage.
They can execute remote code to inject malicious files in your Windows’ ‘Startup’ folder.  It will then automatically be launched every time your PC is rebooted, allowing them to tinker with your computer’s files such as your downloads and browser history.
If you are using an unpatched version of BitTorrent or uTorrent (which includes uTorrent web), your systems’ security is endangered.
Here are some precautions you can take to protect yourself.

How to Save Your Computer From Hijackers

As indicated by Ormandy, the latest release of uTorrent’s beta versions includes files that fix the flaw. However, he wasn’t sure whether all the necessary measures had been taken for making uTorrent’s Web version completely safe for use.
Tavis Ormandy
BitTorrent engineering VP, Dave Rees, said that they have updated both uTorrent and Bittorrent. A patch has been released which will protect the users from any such attacks.
Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent).
Prior to Rees’ response, the below-mentioned three test case exploits were provided by Ormandy which showed how the hackers can use domain name system rebinding to enter your PC.
  1. uTorrent Web Vulnerability
  2. uTorrent Desktop Vulnerability
  3. uTorrent Desktop Vulnerability
As a simple solution to this problem, you should not use the Web and Desktop versions of uTorrent until decisive measures are taken by the developers behind the app.

Comments

Post a Comment

Popular posts from this blog

Develop your own game by learning these free courses

We recently recommended courses you should learn before you will launch your first startup in order to avoid some common mistakes. In Quick Tips today, we’ll recommend you some free courses that will help you make your first game and begin your career as a developer. Before we highlight the details of the courses you ought to take, here are some introductory courses which will prepare you to learn these courses more effectively; Java Programming Basics  – Prepare yourself for programming on Android and the Web Introduction to JavaScript  – Create animations and understand variables and strings. When you have gone through those courses above then proceed to ones given below to develop your first game: 1. Create a 2048 game in just 1 day For those who have zero experience in programming and don’t want to take the above courses, then enroll in this course from Udacity. You will learn the basics of HTML and CSS as well as their interaction with JavaScript. ...
Post a Comment
Read more

The upgraded Google News app is now available on iOS and Android

One of the more intriguing announcements at Google IO 2018 was of  a new Google News app  to take the place of the Google Play NewsStand, which was initially launched in 2013.  After describing the new Google News app  in a dedicated page for the app on its website, Google has now officially released the app on the  App Store  and  Google Play . Google Play NewsStand was used as a resource to get news around the world. The news would be of every category, even the news which doesn’t interest the user. Whereas with this new Google news app, the artificial intelligence of Google shows you the news you want to see, which you usually search for on Google. According to Google , the Google News app now  “uses a new set of AI techniques to take a constant flow of information as it hits the web, analyze it in real time and organize it into storylines.”  Artificial intelligence(AI) gives the app an ability to process and sort the news from...
Post a Comment
Read more

Huawei Mate 10 Pro: A Premium Flagship With Some Odd Omissions

When Huawei had launched, they were known as a brand that mostly dealt with budget smartphones and even their flagships were not up to the standards that people expected at that time. However, times have now changed and leading the innovation front nowadays is Huawei. A few of their flagships in the recent year or so have been nothing short of impressive but this year’s Mate 10 line up has changed the brand image forever and consumers now know that Huawei is a serious market player and should not be taken lightly. We’ve already reviewed the  Mate 10 Lite and there was a lot to like about that phone. Today we have with us the most expensive one of the bunch, the Mate 10 Pro. For a more in-depth review and understanding of various Mate 10 Pro features, do watch the video review linked below. Design Like most of the flagships in the industry, Huawei also makes use of some premium material on the Mate 10 Pro. You have curved Gorilla Glass on the front and back and where th...
Post a Comment
Read more