How To Protect Your BitTorrent Client From This Potential Hack

How To Protect Your BitTorrent Client From This Potential Hack

Still using BitTorrent to exclusively download legally acquired content such as operating system images or files you want to share privately with friends? If so, you might want to double-check your security settings to protect yourself from what researchers at Google’s Project Zero are calling a “low complexity hack” affecting Transmission and other popular BitTorrent clients. The flaw could leave your computer vulnerable to control by malicious hackers, but you can protect yourself by following a few steps until official fixes are in place.

Image credit: Transmission

The proof of concept attack, Ars Technica explains, affects users who control their BitTorrent client through their web browser, which lets them manage their transfers remotely. Many clients with remote access enabled are left unprotected, and don’t require the user enter a password.

The flaw, explained by Project Zero researcher Tim Ormandy, takes advantage of the lax security, and lets hackers execute commands through that web interface, turning your BitTorrent client into an access point where the wrong person can run whatever code they want after gaining access to your torrent downloads.

While Project Zero only disclosed the flaw in Transmission after providing a fix, other BitTorrent clients might face similar security issues according to this tweet from Ormandy discussing the flaw present in unspecified BitTorrent clients.

How to Protect Yourself

A fix is coming from Transmission, a representative told Ars Technica, but you can protect yourself from the hack in the meantime by modifying a few security settings. To quickly render the hack useless, you’ll need to disable the remote access service in your BitTorrent client. In Transmission, you can simply visit your Preferences, hit the Remote tab, and uncheck the “Enable remote access” option.

How To Protect Your BitTorrent Client From This Potential Hack
Transmission on Windows 10.

Transmission on Windows 10.

If you’d rather leave your remote access option enabled, you should be sure to at least password-protect it (and store that information in your password manager). You can do it from the Remote tab where you enabled (or disabled) remote access to your computer.

BitTorrent users beware: Flaw lets hackers control your computer [Ars Technica]


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


One response to “How To Protect Your BitTorrent Client From This Potential Hack”