Hoʍlett

« La vie sociale tout entière gît sous mon regard. » — F. Pessoa

  • BitTorrentsync security & privacy analysis
    http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-result

    During last Hackito Session, a group of passionate tech gathered and during one evening dug whatever they could on BTsync. The goal of this Hackito Session was to analyze the security of BTsync.

    Why? Because BitTorrent Sync growing popularity means more and more private data gets exposed, and as it is a closed source program, there’s a need for some verified and neutral information about its intrinsic security and also about the degree of privacy it provides.

    [...]

    TL;DR & Conclusions :

    – Probable leak of all hashes to getsync.com and access for BitTorrent Inc to all shared data.
    – Change of sharing paradigm that introduced this vulnerability happened after the first releases. This may be the result of NSL (National Security Letters, from US Government to businesses to pressure them in giving out the keys or introducing vulnerabilities to compromise previously secure systems) that could have been received by BitTorrent Inc and/or developers.
    – Leak about the private network addresses of clients that gives indication about where and what to attack.
    – Probable multiple vulnerabilities of the clients.
    – Bottom line: Do not use for sensitive data.

    #BitTorrent_Sync #BitTorrent,_Inc. #Open_source #Rétroingénierie #Sécurité_informatique