Music – and malware – while you work

A blog from Trusteer’s Dana Tamir points out that media players – so regularly used by people while they work yet often overlooked by security professionals – are also becoming a prime target for sneaking malware into systems

Posted 10 years ago

OK, hands up all those who like listening to music while they are working? The majority of people seem to like it, and rather than the old ways of everyone listening to a collective radio broadcast or some somnolent muzak, a set of headphones and a PC with a media player serves extremely well these days.

But a recent blog by Dana Tamir, director of enterprise security at the IBM-owned security specialist, Trusteer, shows that this apparently harmless – and even productive – pastime is actually fraught with security dangers.

The company’s researchers have demonstrated that vulnerable media players are constantly targeted by hackers, and that many security professionals may be missing this important loophole because media players are most commonly used by individuals, on their own PC and usually in their own time.

But the growth of BYOD, and the cross-pollination of work and play on and between laptop systems, means that the humble and apparently harmless media player is fast becoming a major route into hacking and infiltrating corporate networks. Microsoft PCs come with an integral media player, and there are many variants that can be downloaded from the web.

As Tamir pointed out in the blog: “because these applications are not controlled, and users are not in a rush to patch these applications, most installations are vulnerable to exploits.”

She points out that, according to the US National Vulnerability Database (NVD), over 1,200 vulnerabilities have been discovered in media players since 2000. Most of them have been found in the most popular programs, with Apple’s QuickTime and iTunes leading the way, both with over 250 vulnerabilities identified.

The major reason for media players to have become a target is that they are designed to work with files delivered remotely, such as streaming music and video. “By developing weaponized media content, i.e. an audio or video file that contains an exploit that takes advantage of a media player vulnerability, an attacker can effectively deliver malware to the user’s machine,” Tamir wrote in the blog.

“All that is left for the attacker is to send the weaponized file to the target user, or convince a target user to view the content from a compromised website using phishing and social engineering schemes. Typical examples include “promotional videos”, links to “free” song downloads and more.”

And most important of all, she points out that this is no theoretical threat. Exploits have been seen in the wild that target both known and unknown zero-day vulnerabilities in media players. And while many vulnerabilities have patches available, the level of their deployment is still poor, so known vulnerabilities remain open to exploitation.

So this is another application area that security professionals need to add to their checklists. As well as recommending a Trusteer product, as might be expected, Tamir also restates the important, if obvious, security best practice: always apply security patches to vulnerable applications as soon as they become available.

But she also recommends investing in technologies that can block both known and unknown vulnerabilities, such as Trusteer Apex.
