Google Project Zero has drawn the attention of uTorrent users to a huge security flaw in the BitTorrent application. This flaw would allow hackers to access users' files and insert malicious code into them, making them vulnerable to hacking. Hackers can therefore search user data at will and even see their download history.
According to Google Project Zero , two versions of the software were affected by these security vulnerabilities. These would allow any website visited by the user to control the computer through Windows software and uTorrent Web.
According to Tavis Ormandy, a Google security researcher, the vulnerabilities that have arisen in uTorrent use the technique of DNS Rebinding to take control of the application, download and execute malicious code.
Endangered users' computers
uTorrent and BitTorrent use a local server and JSON requests which can easily be hijacked by hackers. This allowed them to take advantage of the security breach suffered by uTorrent to insert malware into the computers of users of the software.
This malware can affect the integrity of computers if they are integrated into the Windows startup folder. This could render the hardware unusable the next time it is started. Knowing that uTorrent currently has several million users, millions of data have also been left at the mercy of hackers.
BitTorrent did not take long to react
On February 20, 2018, Dave Rees, vice president of engineering at BitTorrent, announced in an email that the flaw has been fixed thanks to a beta version of uTorrent and BitTottent patched against security vulnerabilities.
“ On December 4, 2017, we learned of a series of vulnerabilities in uTorrent and BitTorrent clients for Windows desktops. Our code rework has been done and is available in the most recent beta version (build 126.96.36.199352 uploaded February 16, 2018). "
According to Google Project Zero, these security vulnerabilities are present on different platforms while this beta version currently only affects Windows PCs. While waiting for the arrival of the official version on other terminals, you should therefore avoid using uTorrent.