P2P file-sharing software poses a massive security risk, researchers have warned.
One plug-in designer for the hugely popular eDonkey program (two million clients and counting) has revealed that a simple plug-in can provide unlimited disk and sockets access, the ability to run programs on the local machine and an opportunity to spread that code through a network. In short, the quintessential security nightmare.
Describing the architecture (MetaMachine – used by eDonkey and Overnet) as “by far the worst and most insecure I have ever seen in my life”, Julian Ashton has posted his concerns on BugTraq and warned that it would only require a malicious plug-in for millions of P2P clients to turn either against the user or be used to target someone else, possibly in a DDoS attack.
The problem is that such plug-ins are not tied in with the software itself but allowed to sit with the operating system, meaning that P2P software could be used as a portal to gain access to people’s PCs. The possibilities to use this for virus or worm propagation, or spamming, or as a hacking effort are all too clear.
Ashton has even written a small add-in to demonstrate the problem, downloadable from his site. A zip of “Fake Fast Track” is available here.
While many companies either block or ban P2P software on their networks both for security and legal reasons, the fact that a relatively lightly skilled programmer could use such a client to compromise security will worry many.
Even if one network’s threat is dealt with, the millions of clients out there can still represent a massive virus or DoS risk. If the P2P clients using MetaMachine want to remain popular, an update to the software is sorely needed.