Home › Forums › Recently, read an old CVE which explains a method of gaining control over victims via online video streams. This was used in the case of YouTube a few years back when they don’t encrypt video streams, where hackers inject malicious code by MITM attack to gain victims PC control.
This topic contains 1 reply, has 2 voices, and was last updated by Lzrd__ 1 week, 4 days ago.
- April 7, 2021 at 3:40 pm #380936
With recent secure technologies like HTTPS, RTMFP,HTML5 DRM standard, CDN etc is this attack valid nowadays? Do the use of sandbox apps like Sandboxie, Shadow Defender, Enigma Virtual Box, firejail, Bubblewrap etc (for streaming online videos) will help to avoid such risks or instead use the best solution The Virtual Machines ?
Like to know about such attack methods, but cannot find enough resources on Google. Only a few odd cases that happened in the past(like the case mentioned about YouTube earlier). Is that means video streaming on modern web is more secure if we visit a website which uses HTTPS for example (funny thing is the most malicious website even have this HTTPS related certificates)?
Need a clear answers and opinion about this topic, I am sure that people on this Subreddit are the best ones who can explain about such pitfall in the modern web. If you can, please post or reply links to CVE’s about the above-mentioned method. I think it very rare situations where hackers use video stream to inject malware, or maybe I am wrong?
- April 7, 2021 at 3:40 pm #380937
For the attacker to gain control over the victim’s PC he would need to exploit their web browser which would require either a new 0day exploit or the victim to use an outdated browser. It’s not something worth worrying about unless being targeted by a government
You must be logged in to reply to this topic.