Flaw in μTorrent That Lets Hackers Control Your PC Remotely

March 5, 2018 | Views: 3436

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Most of us are using the popular and handy software called μTorrent for downloading and streaming stuff and if you are one of them then you must download its latest version ASAP.

You must have seen after pressing that red cross button to close torrent, it still runs in the background until you exit it.Added to that the μTorrent Classic and μTorrent Web apps run in the background on the Windows machine and start a locally hosted HTTP RPC server on ports 10000 and 19575, respectively, using which users can access its interfaces over any web browser.

But according to a Google “Project Zero” research, it has been found that several issues with these RPC servers could allow remote attackers to take control of the torrent download software with little user interaction. uTorrent apps are vulnerable to a hacking technique called the “DNS rebinding” that could allow any malicious website a user visits to execute malicious code on user’s computer remotely.

To execute DNS rebinding attack, one can simply create a malicious website with a DNS name that resolves to the local IP address of the computer running a vulnerable uTorrent app.

 

WHAT NOW…..??????

There’s no need to worry because patches are already available for that,  all you gotta do is to update to the latest version.

You can download one of the given releases of:

  • μTorrent Stable 3.5.3.44358
  • BitTorrent Stable 7.10.3.44359
  • μTorrent Beta 3.5.3.44352
  • μTorrent Web 0.12.0.502

Good Day!!!!!

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
5 Comments
  1. showing the hack technical details would be awsome

  2. thinks for the information..

  3. ESET wont even let me download utorrent, hasn’t for months, it blocks the site for malicious activity.

  4. i wonder who and why people still use μTorrent Classic and μTorrent Web apps?

    The only time i stream is using netflix or from a web page that does not install items

    i download iso’s but never have i seen it ask to install utorrent or torrent

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel