Issues regarding vulnerabilities in Popcorn Time have been brought to attention by a “hacker” going by the nickname DaKnOb. The claim is that the software itself has a couple of security flaws that might be exploited to gain access to the device it is installed on.
Instead of going through the details of these allegations, we will focus on the response from the developer team behind popcorntime.io, the piece of software in question:
First things first, you don’t need to worry. A man-in-the-middle type of attack is very unlikely to happen to anyone: a potential intruder would need to already be present in your network. This means that they would need to have access to your WiFi or your ethernet, or that they are your Internet Access Provider. If someone has access to those, then they could potentially infect your machine through Popcorn Time.
So despite being technically possible, a man-in-the-middle attack is very unlikely, since it has to happen from within your private network. If your home network is secured with a strong password, or you use a VPN on public networks, you should be fine.
The team also has a response to the possible outcome of such an attack:
Content Spoofing basically is useless: worst case scenario, you could download some porn instead of your movie. Not very interesting or beneficial for someone who just went through the trouble of infecting your network, is it?
This leaves XSS attacks. Now, that’s another deal. An XSS attack would allow the intruder to execute malicious code inside of Popcorn Time. To be clear: it would not allow them to gain full control of the machine, as Popcorn Time doesn’t have elevated permissions. Yet, it is a security issue.
Even if someone successfully launched an attack through Popcorn Time, it could never inflict much harm, since it would only be able to control Popcorn Time and NOT the entire unit, as DaKnOb claims.
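The XSS the team describes comes down to untrusted data (movie titles, synopses and similar metadata fetched over the network, which is exactly what a man-in-the-middle could alter) being placed into the application’s HTML as markup rather than as text. The following is an added example, not code from Popcorn Time or its developers; it assumes only that the client renders metadata into HTML from JavaScript, and the sample record is constructed for illustration. It shows the unsafe pattern next to the escaped version, plus a small check a test suite can use to catch foreign tags in rendered output.

```javascript
// Added example, not Popcorn Time's own code. Demonstrates why unescaped metadata
// leads to XSS inside an HTML-based client and how escaping neutralises it.

// Constructed sample: a metadata record as it might arrive after tampering in transit.
const untrustedMovie = {
  title: 'Big Buck Bunny<img src=x onerror="alert(1)">',
  synopsis: 'A <b>bold</b> rabbit & friends',
};

// Escape the five characters that carry meaning in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe: raw data concatenated into markup. Any tag in the data becomes part of the DOM.
function renderMovieUnsafe(movie) {
  return `<div class="movie"><h2>${movie.title}</h2><p>${movie.synopsis}</p></div>`;
}

// Hardened: every untrusted field is escaped before it is placed in markup,
// so the same input renders as visible text instead of executable HTML.
function renderMovieSafe(movie) {
  return `<div class="movie"><h2>${escapeHtml(movie.title)}</h2><p>${escapeHtml(movie.synopsis)}</p></div>`;
}

// Regression check: the rendered fragment must contain no tag names beyond the
// ones the template itself introduces. Returns true if a foreign tag is present.
function containsForeignTags(html, allowedTagNames) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !allowedTagNames.includes(t.replace(/^<\/?/, '').toLowerCase()));
}

const TEMPLATE_TAGS = ['div', 'h2', 'p'];
console.log('unsafe render has foreign tags:', containsForeignTags(renderMovieUnsafe(untrustedMovie), TEMPLATE_TAGS));
console.log('safe render has foreign tags:  ', containsForeignTags(renderMovieSafe(untrustedMovie), TEMPLATE_TAGS));
```

Escaping at the point where data meets markup is the general fix regardless of how the data was tampered with; it also covers the case where the upstream metadata source itself is compromised, not only the in-network attacker the team discusses.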
However, the team does acknowledge the problem and promises to resolve it in the near future. If anything, this is a great example of the strength of open source development.