Free Live-Streaming Websites May Put Viewers at Security Risk: Study

Free Live-Streaming Websites May Put Viewers at Security Risk: Study

Online streaming has become an increasingly popular way to watch sports and other live events but a new study suggests that viewers are often exposed to malware infections, personal data theft and scams.

According to the researchers from KU Leuven-iMinds (Belgium) and Stony Brook University in the US, as much as 50 percent of the video overlay ads on free live-streaming websites are malicious.

Read more   ↓

“Until now, free live-streaming services (FLIS) have mostly been analysed from a legal perspective. Our study is the first to quantify the security risk of using these services,” said M Zubair Rafique from KU Leuven’s department of computer science/iMinds in a university statement.

“We have assessed the impact of free live-streaming services on users. We also exposed the infrastructure of the FLIS ecosystem,” he added.

The researchers built a semi-automated tool that helped them identify more than 23,000 free live-streaming websites, corresponding with over 5,600 domain names.

They then performed more than 850,000 visits to the identified FLIS domains and analysed more than one terabyte of resulting traffic.

“It’s a public secret that the FLIS ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live (sport) events,” added Nick Nikiforakis from Stony Brook University.

“One example is the use of malicious overlay ads, which cover the video player with fake ‘close’ buttons. When users click these buttons, they risk being exposed to malware,” he added.

“In addition to exposing numerous copyright and trademark infringements, we found that clicking on video overlay ads leads users to malware-hosting webpages in 50 percent of the cases. Most of these pages are made to look like the actual free live-streaming websites,” Rafique noted.

Google Chrome and Safari are more vulnerable to this approach than other browsers, because attackers tend to target the more popular web browsers.

To alert FLIS users to potentially dangerous pages, the researchers have engineered an accurate and effective classifier. The tool can also help security analysts find and report unknown FLIS pages to curb copyright and trademark infringements.

In a later stage, the classifier will be made publicly available for research purposes.



You may also like...