Plex Media has a major security flaw


Photo: Nicolas Asfouri (Getty Images)

Plex Media is perhaps best known as the streaming service that lets you build personal TV channels, but it turns out its servers can be abused for worse purposes. On Thursday the cybersecurity firm Netscout reported that the same servers that offer these channels are also being used to amplify distributed denial-of-service (DDoS) attacks, all without Plex's customers even knowing it.

One of Plex's main selling points is that customers can set up their own Plex server on a variety of devices, then use that server to host their own video, photo, or music libraries and stream them to other devices. This is a very useful tool if, for example, you want to compile channels of your parents' favorite programs and then broadcast them directly to their smart TV.

Per Netscout, when a device running a Plex server starts up and connects to the internet, it uses the so-called Simple Service Discovery Protocol (SSDP for short) to look for nearby devices that can access the content it hosts. In some cases these servers sit behind a user's router, and if that router happens to be poorly configured, it can expose the SSDP service to the open web.

This is where things get risky, because exposed SSDP services are generally fairly easy for bad actors to exploit in order to amplify a given DDoS attack. You can read the full technical explanation of how this amplification works here, but in a nutshell: plug-and-play devices appear on a network and announce themselves ("Nice to meet you. I'm a wireless thermostat. Here are some neat tricks I can do."), the network and the device get to know each other, and everything works as intended. In a reflection attack, however, some ominous person asks many of these devices to introduce themselves to a single target at the same time, and instead of a pleasant meet-and-greet, the unfortunate recipient gets a deafening roar.
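To make the reflection pattern concrete from the defender's side, here is an added example (not from the article or from Netscout) that scans flow records for SSDP replies leaving a home network toward internet hosts. The flow records, the standard SSDP port 1900, and the 203.0.113.0/24 documentation range used as a stand-in internet address are all constructed assumptions for the demo.

```python
import ipaddress
from collections import defaultdict

# Flag SSDP (UDP 1900) replies leaving a LAN towards internet hosts: the traffic
# pattern a reflected attack produces at an exposed server's router.
# Flow records are constructed for this demo: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SSDP_PORT = 1900
# 203.0.113.0/24 is a documentation range standing in for a real internet address.
SAMPLE_FLOWS = [
    # legitimate LAN discovery: multicast M-SEARCH from a TV, unicast reply from the host
    ("192.168.1.20", 50123, "239.255.255.250", SSDP_PORT, "udp", 132),
    ("192.168.1.10", SSDP_PORT, "192.168.1.20", 50123, "udp", 281),
    # reflection: small requests spoofed "from" the victim, larger replies sent back to it
    ("203.0.113.7", 80, "192.168.1.10", SSDP_PORT, "udp", 92),
    ("192.168.1.10", SSDP_PORT, "203.0.113.7", 80, "udp", 281),
    ("203.0.113.7", 80, "192.168.1.10", SSDP_PORT, "udp", 92),
    ("192.168.1.10", SSDP_PORT, "203.0.113.7", 80, "udp", 281),
    ("203.0.113.7", 80, "192.168.1.10", SSDP_PORT, "udp", 92),
    ("192.168.1.10", SSDP_PORT, "203.0.113.7", 80, "udp", 281),
]

# Address ranges inside which SSDP traffic is expected; anything else crossed the WAN boundary.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def find_ssdp_reflection(flows, min_replies=3):
    """Return {(reflector, victim): stats} for hosts that answered SSDP to
    non-local addresses at least min_replies times; stats holds reply count,
    reply bytes, request bytes and the reply/request byte ratio (amplification)."""
    stats = defaultdict(lambda: {"replies": 0, "reply_bytes": 0, "request_bytes": 0})
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if sport == SSDP_PORT and not is_local(dst):        # reply leaving the LAN
            stats[(src, dst)]["replies"] += 1
            stats[(src, dst)]["reply_bytes"] += size
        elif dport == SSDP_PORT and not is_local(src):      # request arriving from the internet
            stats[(dst, src)]["request_bytes"] += size
    result = {}
    for key, s in stats.items():
        if s["replies"] < min_replies:
            continue
        s["amplification"] = round(s["reply_bytes"] / s["request_bytes"], 2) if s["request_bytes"] else None
        result[key] = s
    return result

if __name__ == "__main__":
    for (reflector, victim), s in find_ssdp_reflection(SAMPLE_FLOWS).items():
        print(f"{reflector} answered SSDP to {victim}: {s['replies']} replies, "
              f"{s['reply_bytes']} bytes, amplification x{s['amplification']}")
```

Because SSDP is a LAN-only discovery protocol, any UDP 1900 traffic crossing the router's WAN interface is suspicious on its own; the hit here is the fix the article implies, closing SSDP on the router's internet side.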

Netscout said its analysis found about 27,000 Plex servers currently reachable on the internet that can be abused this way. So far, the firm has seen these Plex-based attacks send out packets of 52 to 281 bytes. That is definitely not the biggest DDoS traffic we have seen of late, but when enough of these servers are used in a single attack (or when they are used alongside other exploitable services), you can see how it would be enough to inflict serious damage.

The firm added that it has observed these Plex-based attacks increasing since November of last year. But Plex is certainly not the only such vector: in 2020 the FBI issued a warning to businesses that their network devices could be used to send such amplified attacks, and just last month Netscout released another warning that certain Windows servers can be abused the same way.

We reached out to Plex for comment on the Netscout report and will update this post if we hear back.
