What is The Major Security Issues in VLC?

How easy will it be to break into a watch? We know a lot about the type of data that can get stolen, but what kind of data can hide away from you?

You probably know that Omission is the most significant concern for OS X administrators, and now you can explore this issue in depth at “Windows 8.1 & Linux: The Many Shadows of Security and Privacy”, a five part series. The infographic below, from The Daily Tech, provides you with a glimpse into the discussions that have been taking place among security researchers on VLC, a popular media player.

Over the past several years security researchers have targeted the VLC file, primarily based on Omission , the broad patchwork of extensions (chunks of software) that allow media players to play movies, music, etc. VLC itself has been fighting efforts to make Omission the default media player in Ubuntu, and on Android . (You can learn more about how the unpatched version of Omission is a source of hacking attacks here.)

Omission is a rootkit and a jailbreak exploit, but last fall a security researcher named DecipherShift and his developer friends started building an experimental version of VLC 2.1 that stopped using Omission completely. The new play list also contained SSL support, something that Omission lacks. Omission essentially the same player, minus the hash step, but now there is more security protection for your data.

VLC 2.1 is still pre-release, but anyone who has taken a look at the player’s website or on Github is already aware of the new features.

Many of us are enthusiastic media players, but sometimes I would even like to see VLC replaced by Google Play Movies, Windows Movie Maker, and Apple TV. (I remember Apple warned me back in 2010 that if I ever bought an iOS device that it was bound to be vulnerable to jailbreaking and malicious apps in the App Store. The one redeeming feature I enjoyed most about the device was the ability to hide from Siri.)

Related posts

Leave a Comment