Top streaming services like Netflix and Disney+ have invested continuously over the years in locking down their content. Wherever they can, they prevent users from accessing videos without a subscription or from watching region-restricted content. New findings presented today at the Defcon security conference in Las Vegas, however, show that streaming platforms used for things such as internal corporate broadcasts and live sports can contain basic design flaws that allow anyone to reach a wide range of content without logging in.
Independent researcher Farzan Karimi first realized years ago that misconfigurations of application programming interfaces, or APIs, exposed streaming content to unauthorized access. In 2020, he disclosed a group of these flaws to Vimeo that could have allowed him to reach nearly 2,000 internal company meetings along with other types of live broadcasts. The company quickly identified the problem at the time, but the finding left Karimi worried that similar problems could be lurking on other platforms.
Years later, he realized that by refining a technique for mapping how APIs retrieve data and interact with one another, he could search for other vulnerable platforms. At Defcon, Karimi is presenting findings about current exposure in a prominent sports streaming platform (he is not naming the site because the problems have not yet been fixed) and releasing a tool to help others identify the problem on additional sites.
“For the company, all-hands or other sensitive meetings may be shared; there may be major internal information – CEOs or other executives talking about the demobilization of workers or sensitive intellectual property,” Karimi told WIRED. “You can see a bad pattern that appears in the ease of defrauding the approval to reach the flows, but this category of issues has already been rejected as it requires deep knowledge of a specific company to determine.”
APIs are the services that fetch data and return it to whoever requests it. Karimi gives the example that if you search for the movie Fight Club on a streaming platform, the film may come back with information about its length, trailers, the actors in the film, and other descriptive data. Multiple APIs work together to gather all this information, each handling certain types of data. Likewise, if you search for Brad Pitt, a set of APIs will interact to connect Fight Club with other films he starred in, like Recite and Seven. Some of these APIs are designed to require proof of authentication before they return data, but if the system is not examined in depth, it is common for the other APIs to return data blindly without requiring that proof, on the assumption that only an authenticated requester would ever be in a position to ask for the information.
“Often there are four, five, or a number of application programming interfaces that contain all this descriptive data, and if you know how to track it, you can open the paywalled content for free,” says Karimi. “It is a model ‘through mystery’ where they never think that someone will be able to hand the points manually between these application programming interfaces. The automation I offer, though, helps find these delegation flaws widely quickly.”
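The failure mode described above, reduced to a two-service sketch as an added example (not code from Karimi's tool or from any platform): a front-door catalog API checks the session, a downstream manifest API does not, and a defender's audit helper flags every endpoint in the chain that answers without credentials. All function names, the token format and the sample data are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed for this example only
ENTITLEMENTS = {"alice": {"allhands-q3"}}  # constructed user -> stream ids
STREAMS = {"allhands-q3": "https://media.example/allhands-q3.m3u8"}  # constructed


def sign(user):
    """Issue a toy session token: '<user>.<HMAC-SHA256 of user>'."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def authorize(token, stream_id):
    """Return 200 if the token is authentic and entitled, else 401 or 403."""
    user, _, mac = (token or "").rpartition(".")
    good = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    if not user or not hmac.compare_digest(mac, good):
        return 401
    return 200 if stream_id in ENTITLEMENTS.get(user, set()) else 403


def catalog_api(token, stream_id):
    """Front-door API: checks the session before returning metadata."""
    status = authorize(token, stream_id)
    return status, ({"id": stream_id} if status == 200 else None)


def manifest_api_weak(token, stream_id):
    """Downstream API that trusts its caller: no check, data returned blindly."""
    url = STREAMS.get(stream_id)
    return (200, url) if url else (404, None)


def manifest_api_hardened(token, stream_id):
    """Same API, but it repeats the authorization check itself."""
    status = authorize(token, stream_id)
    if status != 200:
        return status, None
    url = STREAMS.get(stream_id)
    return (200, url) if url else (404, None)


def audit(endpoints, stream_id):
    """Regression check: names of endpoints that answer 200 with no token."""
    return [name for name, api in endpoints.items()
            if api(None, stream_id)[0] == 200]
```

Running `audit` over every endpoint in a service's own chain, as part of its test suite, turns the "only the front door checks" assumption into a failing test.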
Karimi emphasizes that top streaming services are largely locked down and have either corrected these API misconfigurations or avoided them from the beginning. But he stresses that more utilitarian platforms for corporate streams and other live events, including always-on cameras in sports arenas and other venues whose feeds are supposed to be available only at certain times, are likely to be vulnerable, exposing video that is believed to be protected.