Media Players Infect Computers without User’s Knowledge, says Researcher

Media players Computer Bug

David Thiel, senior security consultant with San Francisco-based researcher iSEC Partners, has revealed that media players in the computer welcome online criminals to attach malicious codes, later infecting the personal computer and the worst of it all, the user will not have any knowledge about the same.

At the Black Hat Hacker Conference, Thiel presented the experiment and found out the flaws on relatively obscure open-source media players. The audio and video downloads from various sites can actually acts as a digital weapon for hackers to hijack or corrupt computers, says the researcher. However, he is still not aware of any current attacks using the vulnerabilities as it is hard to track them.

David Thiel said, “The actual potential for attack is reasonably severe because nobody cares about actually playing videos from YouTube or playing music on Web pages – you can’t get music to stop playing at you. Because this stuff is launched automatically, I think the impact could be significant.”

Thiel has introduced a new program that uses ‘fuzzing‘ technique to identify the flaws in a wide range of media players. Fuzzing corrupts the file that is used in the application in a controlled way and finds exploitable bugs.

Jeff Moss, director of Black Hat, said that the conference organizers picked Thiel to present his findings because digital audio and video files are becoming phenomenally popular on YouTube, MySpace and other social networking sites.

Thiel with this team mates is working on to expose security weaknesses at the two-day Black Hat conference. This research will continue at the three-day Defcon convention.

White Hat Hackers present flaws to alert the branded companies about their products that they can be attacked by malicious pranks or Black Hat Hackers.