If you are using BitTorrent to download any content with little or no care then, beware! A newly discovered flaw in the service could leave your computer vulnerable to attack by malicious hackers. Experts report the critical flaw in the service turns a user’s BitTorrent client into an access point where any wrong person can run a malicious code to get an access to the victim’s torrent downloads.
Security Flaw in BitTorrent reported
First to notice this critical flaw was Tavis Ormandy, an IT security researcher at Google’s Project Zero. He identified this flaw (CVE-2018-5702) in Transmission Function targeting Linux or Windows operating system running Chrome and FireFox browsers. Once compromised the exploit lets attackers take full control of a targeted computer.
In a tweet, Tavis explained,
First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability Transmission, resulting in arbitrary remote code execution.
What forced the security researcher to go public with details about the flaw was lack of response from the BitTorrent’s transmission developers and any word on offering a viable solution to patch it.
“I’m finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that distributions can apply the patch independently. I suspect they won’t reply, but let’s see,” Ormandy wrote in his report.
As a precautionary measure, you can protect yourself from the hack by configuring a few security settings. To kill the effect of the hack try disabling the remote access service in your BitTorrent client. For this, simply visit your Preferences in Transmission, hit the Remote tab, and uncheck the “Enable remote access” option.
Alternatively, if you decide to leave your remote access option enabled, be sure to at least protect it with a strong password. You can configure this option from the Remote tab where you enabled remote access to your computer.