Recently, read an old CVE which explains a method of gaining control over victims via online video streams. This was used in the case of YouTube a few years back when they don’t encrypt video streams, where hackers inject malicious code by MITM attack to gain victims PC control. – Digitalmunition




Home Forums Recently, read an old CVE which explains a method of gaining control over victims via online video streams. This was used in the case of YouTube a few years back when they don’t encrypt video streams, where hackers inject malicious code by MITM attack to gain victims PC control.

This topic contains 1 reply, has 2 voices, and was last updated by  Lzrd__ 1 week, 4 days ago.

  • Author
    Posts
  • #380936

    anonymous
    Participant

    With recent secure technologies like HTTPS, RTMFP,HTML5 DRM standard, CDN etc is this attack valid nowadays? Do the use of sandbox apps like Sandboxie, Shadow Defender, Enigma Virtual Box, firejail, Bubblewrap etc (for streaming online videos) will help to avoid such risks or instead use the best solution The Virtual Machines ?

    For example, if a link to a malicious website, which may contains some videos (like old school video sharing links, a normal bait used by hackers) is sent to a person, and he visits that website and watch that video online, beside the other know JavaScript based attacks, is there any possibility that hacker can utilize the video streams to gain remote control over the victims PC.

    Like to know about such attack methods, but cannot find enough resources on Google. Only a few odd cases that happened in the past(like the case mentioned about YouTube earlier). Is that means video streaming on modern web is more secure if we visit a website which uses HTTPS for example (funny thing is the most malicious website even have this HTTPS related certificates)?

    Need a clear answers and opinion about this topic, I am sure that people on this Subreddit are the best ones who can explain about such pitfall in the modern web. If you can, please post or reply links to CVE’s about the above-mentioned method. I think it very rare situations where hackers use video stream to inject malware, or maybe I am wrong?

  • #380937

    Lzrd__

    For the attacker to gain control over the victim’s PC he would need to exploit their web browser which would require either a new 0day exploit or the victim to use an outdated browser. It’s not something worth worrying about unless being targeted by a government

You must be logged in to reply to this topic.