Streaming platforms, despite their efforts to secure content, may still have design flaws that expose content to unauthorized users. Researcher Farzan Karimi highlighted vulnerabilities in APIs that permit access to internal corporate broadcasts and sports livestreams. His findings emerged after he discovered misconfigurations that allow streams to be accessed without proper authentication. At the Defcon conference, he planned to showcase vulnerabilities in a well-known sports streaming platform while also releasing a tool to help identify potential issues across various services. Unauthorized access could expose sensitive corporate information.
Independent researcher Farzan Karimi first realized years ago that misconfigurations in application programming interfaces, or APIs, exposed streaming content to unauthorized access.
At Defcon, Karimi is presenting findings about current exposures in one mainstream sports streaming platform; he is not naming the site because the issues are not yet resolved.
For a company all-hands or other sensitive meeting, there might be key internal information being shared: CEOs or other executives talking about layoffs or sensitive intellectual property.
You can see a bad pattern emerge in how easily you can circumvent authentication to access streams, but this class of issue was previously dismissed as requiring deep knowledge of a given business to identify.