this post was submitted on 27 Jun 2024
255 points (98.5% liked)

Technology

59605 readers
3366 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] tal@lemmy.today 44 points 5 months ago (21 children)

I don't really understand the attack vector the ISP is using, unless it's exploiting some kind of flaw in higher-level software than BitTorrent itself.

A torrent should be identified uniquely by a hash in a magnet URL.

When a BitTorrent user obtains a hash, as long as it's from an https webpage, the ISP shouldn't be able to spoof the hash. You'd have to either get your own key added to a browser's keystore or have access to one of the trusted CA's keys for that.

Once you have the hash, you should be able to find and validate the Merkle hash tree from the DHT. Unless you've broken SHA and can generate collisions -- which an ISP isn't going to -- you shouldn't be able to feed a user a bogus hash tree from the DHT.

Once you have the hash tree, you shouldn't be able to feed a user any complete chunks that are bogus unless you've broken the hash function in BitTorrent's tree (which I think is also SHA). You can feed them up to one byte short of a chunk, try and sandbag a download, but once they get all the data, they should be able to reject a chunk that doesn't hash to the expected value in the tree.

I don't see how you can reasonably attack the BitTorrent protocol, ISP or no, to try and inject malware. Maybe some higher level protocol or software package.

[–] frankgrimeszz@lemmy.world 10 points 5 months ago (2 children)

Some software check for updates without requiring the packages to be signed. The ISP could do a HTTP redirect to a fake torrent client update. The program says “Update available”. It downloads a malicious version.

Other ISPs have been caught injecting adverts into their traffic. So there’s ways.

[–] amio@kbin.run 7 points 5 months ago (1 children)
[–] frankgrimeszz@lemmy.world 1 points 5 months ago

HTTPS would prevent advert injection, assuming you didn’t accept a bad certificate at any point. But if they control your router and infrastructure, they can still redirect you to other pages however they want.

load more comments (18 replies)