Music and video player software is full of bugs

Senior security consultant David Thiel of iSEC Partners says multimedia software contains a series of "deadly" security flaws that hackers could exploit to secretly install malicious code or hijack a user's PC.

In his presentation to attendees of the Black Hat conference, Thiel demonstrated security vulnerabilities only in free multimedia software, but insisted that a number of commercial products make the same mistakes. Thiel declined to name the affected software because he is currently working with its developers to help them fix the flaws.

David Thiel at Black Hat.

Security experts at iSEC Partners said that no attacks exploiting these vulnerabilities have been carried out so far, because the vulnerabilities are relatively difficult to detect.

'However, the potential danger of these vulnerabilities is relatively high for one reason: users often don't care that they are watching a video on YouTube or listening to music on any website. Users often let multimedia applications automatically play files, which is why I think the risk of attacks is relatively high.'

The tool that helped Thiel discover security holes in multimedia applications is new software he developed himself, based on the 'fuzzing' technique. Fuzzing corrupts a file that an application consumes in a tightly controlled way, to help find security errors in how the application handles it.
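To make the technique concrete, here is an added example (not Thiel's tool and not code from the article) of seeded single-byte file fuzzing, written as a developer would run it against their own parser. The RIFF-style sample file and the toy parser are constructed for illustration, and all function names are hypothetical.

```python
import random
import struct

def build_sample() -> bytes:
    """Constructed RIFF-style file: 12-byte header plus two length-prefixed chunks."""
    fmt = b"fmt " + struct.pack("<I", 4) + b"\x01\x00\x02\x00"
    data = b"data" + struct.pack("<I", 8) + bytes(range(8))
    body = b"WAVE" + fmt + data
    return b"RIFF" + struct.pack("<I", len(body)) + body

def parse(buf: bytes) -> list:
    """Toy parser under test (hypothetical); it trusts each chunk's length field."""
    if buf[:4] != b"RIFF" or buf[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")  # clean, expected rejection
    chunks, pos = [], 12
    while pos < len(buf):
        cid, size = struct.unpack_from("<4sI", buf, pos)  # fails on a truncated header
        if cid == b"fmt ":
            struct.unpack("<HH", buf[pos + 8 : pos + 8 + size])  # fails if size != 4
        chunks.append((cid, size))
        pos += 8 + size
    return chunks

def mutate(buf: bytes, offset: int, value: int) -> bytes:
    """Controlled corruption: overwrite exactly one byte so the case is reproducible."""
    return buf[:offset] + bytes([value]) + buf[offset + 1 :]

def run_case(buf: bytes) -> str:
    """Classify one input: parsed, cleanly rejected, or an unhandled parser fault."""
    try:
        parse(buf)
        return "ok"
    except ValueError:
        return "rejected"
    except Exception as exc:  # anything else is a robustness bug to triage
        return "fault:" + type(exc).__name__

def fuzz(sample: bytes, iterations: int = 200, seed: int = 1) -> dict:
    """Seeded single-byte fuzzing run; faults keep (offset, value) for replay."""
    rng = random.Random(seed)
    report = {"ok": 0, "rejected": 0, "faults": []}
    for _ in range(iterations):
        offset, value = rng.randrange(len(sample)), rng.randrange(256)
        verdict = run_case(mutate(sample, offset, value))
        if verdict.startswith("fault"):
            report["faults"].append((offset, value, verdict))
        else:
            report[verdict] += 1
    return report

if __name__ == "__main__":
    print(fuzz(build_sample()))
```

Every fault in the report lands on a chunk length field, which tells the developer exactly which input the parser must validate before using it.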

Paul Proctor, Gartner's vice president of research, said Thiel's findings will force software vendors to investigate these security flaws and find a solution as soon as possible. Thiel's attack method appears to allow slow but deep penetration into the system.

Jeff Moss, CEO of Black Hat, said this year's conference chose Thiel's presentation because multimedia file format standards are becoming increasingly popular amid the explosion of online content-sharing sites such as YouTube and MySpace.

Hoang Dung