How to Protect Your BitTorrent Client From Hacking
Still using BitTorrent to exclusively download legally purchased content, such as operating system images or files that you want to privately share with friends ? If so, you can double check your security settings to protect yourself from what the researchers at Google Project Zero call a “low complexity hack” affecting Transmission and other popular BitTorrent clients. The vulnerability could leave your computer vulnerable to attackers, but you can protect yourself by following a few steps until an official fix is made.
A proof of concept attack, Ars Technica explains , involves users who control their BitTorrent client via a web browser, allowing them to manage their transfers remotely. Many clients with remote access enabled are unsecured and do not require the user to enter a password.
The flaw, explained by Project Zero researcher Tim Ormandy, exploits weak security and allows hackers to execute commands through this web interface, turning your BitTorrent client into a hotspot where the wrong person can run whatever code they want after gaining access to your torrents. -loading.
While Project Zero only revealed the Transmission flaw after providing a fix, other BitTorrent clients may face similar security issues, according to this tweet from Ormandy discussing the flaw present in unspecified BitTorrent clients.
How to protect yourself
A Transmission spokesperson told Ars Technica that the fix is coming from Transmission, but you can protect yourself from hacking by changing a few security settings. To quickly render the hack useless, you need to disable the remote access service in your BitTorrent client. In Transmission, you can simply go to Settings, go to the Remote tab and uncheck the Enable Remote Access box.
If you prefer to leave the remote access option enabled, you should at least password protect it ( and store this information in your password manager ). You can do this in the “Remote” tab, where you have enabled (or disabled) remote access to your computer.
Beware of BitTorrent Users: Flaw Lets Hackers Control Your Computer | Ars Technica