Site icon Panda Security Mediacenter

Hackers reveal their secrets on Twitch, the gamers’ streaming platform

twitch

Twitch was set up in 2011 as a video streaming platform yet, unlike YouTube, it is mostly videos of games and playthroughs that are broadcast on the channel. Another distinguishing feature is that Twitch doesn’t use any copyright system to establish payments: it operates with voluntary donations to those who provide content and share their experiences with other Internet users.

With a view to complementing its offer with such content, Amazon has invested an incredible US$970 million (735 million euros) in purchasing the company. Google and Yahoo had also bid to take over the company, though in the end it was the online store that managed to take this highly-coveted asset.

This fierce competition over Twitch is not without motive. The channel already had 3.2 million active users in its first month of existence. It now has over 50 million users, each of whom spends an average of 106 minutes watching its content.

The website, founded by the American Justin Kan (also responsible for Justin.tv) was initially set up to broadcast conventional content. However, another of the site’s founders, Emmett Shear, who had a passion for computer games, decided to change focus go for another type of content.

The platform allows users to take part in the broadcasts and form a community, one of the keys to success on the Web, especially when it comes to online gaming: the channel’s now famous ‘eSports’, are real competitions between gaming professionals.

Given its content, it’s hardly surprising that it’s mainly young people who visit the channel. Over half the users are under 25, although the average age of those taking part in competitions is somewhat higher, around 40 years old. However, all of them are keen Internet users.

So far, so good. But what happens when those who broadcast their online adventures are not just gamers, but also hackers?

George Hotz and Ricky Zhou, two renowned hackers, have started broadcasting the resolution to different challenges, which can last up to five hours. The first of these was largely aimed at overcoming certain levels of Vortex, a game designed for hackers. The challenges are resolved by commands written in code.

In the second challenge, dubbed ‘The Great CVE Race‘ (CVE stands for Common Vulnerabilities and Exposures), the participants tried to exploit a security hole in the Firefox browser. The CVE database is maintained by MITRE, a US NGO, and contains all the known bugs or vulnerabilities for many software programs.

After selecting the security flaw, the hackers design an exploit: a tool or technique that takes advantage of the software error to prevent the program from running properly or to allow third party access to the service. This can include anything from a computer virus to alterations to the software’s code, for example, a set of instructions to run the program in a different way.

Client-side exploits are strategies aimed at vulnerabilities in applications normally used on any operating system, such as a Web browser. The tool is applied to a file that the program has to open, such as an email.

When this modified file is run by the user and there is no antivirus security control, the hacker can access the user’s information. This is exactly what Hotz and Zhoy are showing in their videos: how to create an exploit for Firefox.

If hackers were to follow their instructions, they would learn how to take control of the program or change some aspects of one version of Firefox without the developer’s consent.

Although Twitch doesn’t monitor content and gives free rein to those who broadcast videos, the creation of such tools can even be illegal, as they don’t have the administrator’s authorization and they interfere with the activity of third parties. The platform may have to think about keeping a closer eye on what is published on the site.

Exit mobile version