Attackers Can ‘Steal’ Bandwidth From BitTorrent Seeders, Research Finds

News

New research reveals that BitTorrent swarms can be slowed down significantly by malicious peers. Depending on the number of seeders and the clients they use, download times can be increased by 1000%. The attacks are possible through an exploit of the BitTorrent protocol for which the researchers present a fix.

swarmBitTorrent is one of the fastest and most efficient ways to share large files over the Internet. The popular file-sharing protocol is used by dozens of millions of people every day and accounts for a substantial amount of total Internet traffic.

This popularity makes BitTorrent an interesting target for attacks, which various anti-piracy companies have shown in the past. One of these possible attacks was recently unveiled by Florian Adamsky, researcher at the City University London.

In an article published in “Computers & Security” Adamsky and his colleagues reveal an exploit which allows attackers to get a higher download rate from seeders than other people.

In technical terms, the exploit misuses BitTorrent’s choking mechanism of clients that use the “Allowed Fast” extension. Attackers can use this to keep a permanent connection with seeders, requesting the same pieces over and over.

The vulnerability was extensively tested in swarms of various sizes and the researchers found that three malicious peers can already slow download times up to 414.99%. When the number of attackers is greater compared to the number of seeders, the worse the effect becomes.

The impact of the attack further depends on the download clients being used by the seeders in the swarm. The mainline BitTorrent clients and uTorrent are not vulnerable for example, while Vuze is partly affected.

“Vuze is only partly affected as it allows pieces to be downloaded 64 times and then all further requests are rejected. Nevertheless we have listed Vuze as vulnerable since it is possible to reconnect and restart the attack,” the paper reads.

Update: Vuze was quick to patch the vulnerability.

An older version of Libtorrent also had this vulnerability but that was fixed a year ago.

TorrentFreak spoke with Adamsky who predicts that similar results are possible in real swarms. Even very large swarms of more than 1,000 seeders could be affected through a botnet, although it’s hard to predict the precise impact.

“If an attacker uses a botnet to attack the swarm, I think it would be possible to increase the average download time of all peers [of swarms with 1,000 seeders] up to three times,” Adamsky tells us.

“If most of the clients would have a vulnerable client like Vuze or Transmission it would be possible to increase the average download time up ten times,” he adds.

In their paper the researchers suggest a relatively easy fix to the problem, through an update of the “Allowed Fast” extension. In addition, they also propose a new seeding algorithm that is less prone to these and other bandwidth attacks.

Update: The article was updated to clarify that only older version of Libtorrent were affected. According to the research Transmission currently has the “Allowed Fast” code commented out, but it could become vulnerable when it’s implemented.

Tagged in:

Share this post

Share on Google+

You May Also Like

c There are 39 comments. Add yours?

comment policy