News Section Logo NEWS - Return to news section

 

Popular Video Player Software Embroiled in Wikileaks, CIA Scandal

Posted by: , 20:06 AEDT, Fri March 10, 2017

Permanent Link     Add Comments
VLC player has been used by the CIA to spy on targets
News story feature image
Image/Photo Credit: videolan.org

A popular open source video player software has found itself in the middle of a international scandal involving the CIA, spying and Wikileaks.

This week, Wikileaks controversially a series of leaked documents, dubbed "Vault 7". The documents are believed to be sourced, via a leak, directly from the CIA, and documents the agency's impressive list of digital weaponry, ranging from software exploits to the deliberate use of malware, to spy on the agency's targets.

Among the vast amount of information revealed by "Vault 7" was an interesting note regarding a popular video player, officially known as the VideoLAN Client, but more commonly known as the VLC player.

It has become apparent that an older version of the open source VLC software has indeed been used as a spying tool, by attaching a malware payload to the freely available software that secretly scans the target's computer while the target is using the software to play back a video.

This revelation has forced the makers of the software to release an official statement, to try and explain the situation.

The makers of the software was keen to stress that the software does not contain a remotely exploitable vulnerability, nor is the vulnerability present in the most recent version of the software.

The statement also confirms that, based on the technique used by the CIA, physical access to the target's computer as well as the "execution of the tool allegedly developed by the CIA" is required for spying to take place.

The VideoLAN team wants to reassure users that the team takes security seriously and has already undertaken actions to ensure vulnerabilities such as this cannot be exploited in the future.

"Security of our users data is of prime importance. As a consequence, we have taken countermeasures to prevent malware from hiding their activity behind VLC media player. The used attack vector modification will not be possible starting from the next minor release, 2.2.5. We are also working on hardening the VLC security for the next major releases (3.x.x)," the statement read.


Comments:

Related News:

News Icon Hollywood Talent Agency Sued Over Screener Piracy Leak

posted by: Sean F, 15:42 AEDT, Fri October 28, 2016

News Icon Critics Say US Government Got Piracy List 'Notoriously' Wrong

posted by: Sean F, 14:46 AEDT, Tue December 27, 2016

News Icon Cisco Working on Automated Piracy Stream Shutdown Tool

posted by: Sean F, 19:11 AEDT, Thu October 27, 2016

News Icon Play UHD Blu-ray on Your PC: PowerDVD Gets 4K Blu-ray Certification

posted by: Sean F, 16:18 AEDT, Tue December 6, 2016

News Icon Star Wars: The Force Awakens Blu-ray Leaked Online

posted by: Sean F, 13:14 AEDT, Fri March 25, 2016