A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data
Summary
Streaming services such as Netflix and Disney+ tend to be very secure, blocking users from watching videos without an appropriate subscription and from accessing region-blocked content.
However, more utilitarian services used for corporate streaming and live events are likely to be far less secure.
Independent researcher Farzan Karimi has spent years studying these platforms and recently discovered vulnerabilities in one mainstream sports streaming platform.
He has released a tool to help identify similar problems in other such services.
The problem arises because many of the APIs that are given access to data are not sufficiently secured, and authentication procedures are easy to bypass.
In many cases, it is simply a matter of connecting a few APIs to bypass paywalls and access protected content.