Plex Media Has a Big Security Flaw
Plex Media might be best known as the streaming service suited for creating custom TV channels, but it turns out those servers can be abused for more nefarious purposes. On Thursday, the cybersecurity firm Netscout reported that the same custom servers used to host these channels are also being used to beef up denial of service (aka DDoS) attacks, all without Plex’s customers even knowing.
ExtremeTech
Plex Media Servers Being Used to Amplify DDoS Attacks
By Ryan Whitwam on February 5, 2021 at 1:04 pm
A new network security issue is causing headaches for the victims of DDoS attacks. According to security firm Netscout, several DDoS services have found a way to use Plex Media Servers to amplify the junk traffic they fire off toward targets during attacks. The researchers claim that a Plex server, properly utilized, can increase the size of DDoS packets by almost five times, making these attacks much more damaging. There’s not much Plex users can do about it right now, either.
Plex Media servers actively abused to amplify DDoS attacks
Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service (DDoS) attacks.
Plex Media Server provides users with a streaming system compatible with the Windows, macOS, Linux, and FreeBSD platforms, as well as network-attached storage (NAS) devices, Docker containers, and more.
Netscout says that amplified PMSSDP DDoS attacks observed since November 2020 have been abusing UDP/32414 SSDP HTTP/U responses from exposed broadband Internet access routers, which are redirected towards attackers' targets.
This junk traffic reflected onto victims' servers is sourced from Simple Service Discovery Protocol (SSDP) probes sent by Plex through the G’Day Mate (GDM) protocol for local network service discovery.
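A defender's view of the traffic pattern described above, as an added example that is not part of the original articles: it scans flow records for UDP/32414 traffic to flag internal Plex hosts answering external peers and internal hosts receiving reflected PMSSDP responses. The flow-record layout, the 10.0.0.0/8 internal range, the source-count threshold and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PMSSDP_PORT = 32414  # UDP port named in the Netscout report
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: our address space

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "10.0.0.5", 32414, "udp", 52),   # probe reaches Plex host
    ("10.0.0.5", 32414, "198.51.100.7", 40000, "udp", 250),  # larger response leaves
    ("203.0.113.1", 32414, "10.0.0.9", 80, "udp", 250),      # reflected responses
    ("203.0.113.2", 32414, "10.0.0.9", 80, "udp", 250),
    ("203.0.113.3", 32414, "10.0.0.9", 80, "udp", 250),
    ("203.0.113.4", 32414, "10.0.0.20", 5000, "udp", 250),   # single source, below threshold
    ("10.0.0.7", 51000, "192.0.2.10", 443, "tcp", 1400),     # unrelated traffic
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def find_reflectors(flows):
    """Internal hosts answering external peers from UDP/32414 (exposed Plex GDM)."""
    sent, recv = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if is_internal(src) and sport == PMSSDP_PORT and not is_internal(dst):
            sent[src] += size
        elif is_internal(dst) and dport == PMSSDP_PORT and not is_internal(src):
            recv[dst] += size
    report = {}
    for host, out_bytes in sent.items():
        in_bytes = recv.get(host, 0)
        ratio = round(out_bytes / in_bytes, 2) if in_bytes else None
        report[host] = {"bytes_out": out_bytes, "bytes_in": in_bytes, "ratio": ratio}
    return report

def find_victims(flows, min_sources=3):
    """Internal hosts receiving UDP sourced from port 32414 by many external peers."""
    sources, total = defaultdict(set), defaultdict(int)
    for src, sport, dst, dport, proto, size in flows:
        if proto == "udp" and sport == PMSSDP_PORT and is_internal(dst) and not is_internal(src):
            sources[dst].add(src)
            total[dst] += size
    return {h: {"sources": len(s), "bytes": total[h]}
            for h, s in sources.items() if len(s) >= min_sources}
```

A host reported by `find_reflectors` is a candidate for blocking UDP/32414 at the network edge; the byte ratio shows how much larger its responses are than the probes it received.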