P2P software poses huge security risk

LONDON (12/19/2003) - P2P file-sharing software poses a massive security risk, researchers have warned.

One plug-in designer for the hugely popular eDonkey program (two million clients and counting) has revealed that a simple plug-in can provide unlimited disk and sockets access, the ability to run programs on the local machine and an opportunity to spread that code through a network. In short, the quintessential security nightmare.

Describing the architecture (MetaMachine -- used by eDonkey and Overnet) as "by far the worst and most insecure I have ever seen in my life", Julian Ashton has posted his concerns on BugTraq and warned that a single malicious plug-in would be enough to turn millions of P2P clients either against their own users or against someone else, possibly in a DDoS attack.

The problem is that such plug-ins are not confined to the software itself but are allowed to sit alongside the operating system, meaning that P2P software could be used as a portal to gain access to people's PCs. The potential to use this for virus or worm propagation, for spamming, or for hacking is all too clear.

Ashton has even written a small add-in to demonstrate the problem, downloadable from his site. A zip of "Fake Fast Track" is available here.

While many companies either block or ban P2P software on their networks for both security and legal reasons, the fact that a relatively low-skilled programmer could use such a client to compromise security will worry many.

Even if one network's threat is dealt with, the millions of clients out there can still represent a massive virus or DoS risk. If the P2P clients using MetaMachine want to remain popular, an update to the software is sorely needed.
