kallekanin

Multiple Massive Security Flaws Discovered - Bittorrent Sync Is Totally Insecure


Security researchers have found out that Bittorrent Inc has access to all your "encrypted files". It's VERY easy for the NSA or other agencies to get access; all they need to do is one of the following:

 

1. Send National Security Letters to Bittorrent Inc forcing them to cooperate in a "legal" way

2. Hack/Infiltrate Bittorrent Inc

3. Force Bittorrent Inc to cooperate

 

All your keys are transported to Bittorrent Inc. This is a recent change; it wasn't this way in the first versions of Bittorrent Sync. That indicates a deliberate change in order to backdoor Bittorrent Sync.

 

http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/


+1 on this one. Sounds scary. The conclusions section from the article:

 

 

5. TL;DR & Conclusions
  • Probable leak of all hashes to getsync.com and access for BitTorrent Inc to all shared data.
  • Change of sharing paradigm that introduced this vulnerability happened after the first releases. This may be the result of NSL (National Security Letters, from US Government to businesses to pressure them in giving out the keys or introducing vulnerabilities to compromise previously secure systems) that could have been received by BitTorrent Inc and/or developers.
  • Leak about the private network addresses of clients that gives indication about where and what to attack.
  • Probable multiple vulnerabilities of the clients.
  • Bottom line: Do not use for sensitive data.

 

Discussion on Hacker News: https://news.ycombinator.com/item?id=8618067


While we are working on a more detailed answer: the researcher hasn't found anything bad, besides a few crashes on random tests. What he found is what we have officially been saying from day 1 of Sync.

 

PS.

The wording of "Probable leak of all hashes to getsync.com and access for BitTorrent Inc to all shared data." is very close to "I almost hacked Microsoft today".

 

PPS. There is nothing even close to "Bittorrent Inc has access to all your "encrypted files"."
