Your BitTorrent Client Can Be Exploited for DoS Attacks, Research Warns


Short Bytes: According to new research, BitTorrent clients and BitTorrent Sync can be targeted and successfully exploited for DoS (Denial of Service) attacks. Attackers can use BitTorrent protocols to amplify their original bandwidth and reflect the traffic off fellow torrent users.

The paper, titled “P2P File-sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks”, was published by researcher Florian Adamsky, who revealed this vulnerability affecting millions of active BitTorrent users.

Through a series of experiments, Adamsky confirmed that this vulnerability affects protocols such as DHT, uTP, Message Stream Encryption and BitTorrent Sync.

Talking to TF, Adamsky said that it’s easy to deploy a DRDoS (Distributed Reflective Denial of Service) attack through BitTorrent. He found that an attacker just needs a valid info-hash in BitTorrent Sync to attack the system, and that a single BitTorrent Sync ping is enough to multiply the traffic by a factor of 120.

For other clients like uTorrent and Vuze, the amplification is on the order of 39 and 54 times respectively.

Adamsky says: “This attack should not be so hard to run, since an attacker can collect millions of possible amplifiers by using trackers, DHT or PEX. With a single BitTorrent Sync ping message, an attacker can amplify the traffic up to 120 times.”


BitTorrent has been notified about these vulnerabilities, and the company has patched some of them in the recent release. However, clients like uTorrent and Vuze are still vulnerable to the attack.

TF writes that users of BitTorrent-based software are not under any security threat themselves, except that they may be unknowingly participating in a BitTorrent DoS attack, which wastes a lot of bandwidth.
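One way a network operator could check whether a local client is being used this way, as an added example that is not from the paper or this article: total the UDP bytes per local/remote pair and flag pairs where a host received only a packet or two yet sent back many times more data. The flow records, addresses, function name and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed UDP flow records: (src, dst, payload_bytes). 10.0.0.0/24 is the
# assumed local network; remote addresses are RFC 5737 documentation ranges.
FLOWS = [
    ("198.51.100.7", "10.0.0.5", 100),   # one small inbound packet...
    ("10.0.0.5", "198.51.100.7", 4000),  # ...answered with far more data
    ("10.0.0.5", "198.51.100.7", 4000),
    ("10.0.0.5", "198.51.100.7", 4000),
    ("203.0.113.9", "10.0.0.5", 300),    # ordinary peer: steady two-way traffic
    ("10.0.0.5", "203.0.113.9", 1400),
    ("203.0.113.9", "10.0.0.5", 300),
    ("10.0.0.5", "203.0.113.9", 1400),
    ("203.0.113.9", "10.0.0.5", 300),
    ("10.0.0.6", "192.0.2.44", 900),     # outbound only: nothing to compare
]


def find_reflection(flows, local_prefix="10.0.0.", min_factor=10.0, max_in_packets=2):
    """Return {(local, remote): factor} for likely reflected traffic.

    A pair is flagged when the local host received at most max_in_packets
    packets from the remote address yet sent back min_factor times as many
    bytes. Both thresholds are illustrative assumptions, not measured values.
    """
    in_bytes, in_pkts, out_bytes = defaultdict(int), defaultdict(int), defaultdict(int)
    for src, dst, size in flows:
        src_local = src.startswith(local_prefix)
        dst_local = dst.startswith(local_prefix)
        if dst_local and not src_local:
            in_bytes[(dst, src)] += size
            in_pkts[(dst, src)] += 1
        elif src_local and not dst_local:
            out_bytes[(src, dst)] += size

    flagged = {}
    for pair, sent in out_bytes.items():
        received = in_bytes.get(pair, 0)
        if received == 0 or in_pkts[pair] > max_in_packets:
            continue  # no request seen, or an ongoing two-way exchange
        factor = sent / received
        if factor >= min_factor:
            flagged[pair] = round(factor, 1)
    return flagged


if __name__ == "__main__":
    for (local, remote), factor in find_reflection(FLOWS).items():
        print(f"{local} -> {remote}: sent {factor}x the bytes it received")
```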
