Live Streaming Poses Potential Perils

Millions of people use free live-streaming websites to watch sports and other live events online, but this comes with a considerable security risk, according to a new study.

Researchers from KU Leuven-iMinds and Stony Brook University have found that viewers are often exposed to malware infections, personal data theft, and scams, and that as much as 50 percent of the video overlay ads on free live-streaming websites are malicious.

Many users of free live-streaming websites may be aware that the video on some of these sites is streamed without the content owner’s consent. What they often underestimate, however, is the security risk that comes with watching these streams. Personal devices can be infected with malware that leads to data theft and financial scams.

“Until now, free live-streaming services (FLIS) have mostly been analyzed from a legal perspective,” explained M. Zubair Rafique (KU Leuven Department of Computer Science / iMinds). “Our study is the first to quantify the security risk of using these services. We have assessed the impact of free live-streaming services on users. We also exposed the infrastructure of the FLIS ecosystem.”

The researchers built a semi-automated tool that helped them identify 23,000 free live-streaming websites, corresponding to 5,600 domain names (more than 20 percent of which are in Alexa’s top 100,000 websites). They then visited more than 850,000 of the live-streaming domains and analyzed the traffic.

“It’s a public secret that the FLIS ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live (sports) events,” said Nick Nikiforakis (Stony Brook University). “One example is the use of malicious overlay ads, which cover the video player with fake ‘close’ buttons. When users click these buttons, they risk being exposed to malware.”

“The outcome of our research is quite confronting,” added M. Zubair Rafique. “In addition to exposing numerous copyright and trademark infringements, we found that clicking on video overlay ads leads users to malware-hosting webpages in 50 percent of the cases. Most of these pages are made to look like the actual free live-streaming websites. That’s how they try to get users to install malware: users are tricked into believing they need special software to watch the live-stream.

“Google Chrome and Safari are more vulnerable to this approach than other browsers, because attackers tend to target the more popular web browsers. Finally, FLIS services often use scripts that try to detect and defeat popular ad-blocker extensions.”

To alert FLIS users to potentially dangerous pages, the researchers have created a tool to help security analysts find and report unknown FLIS pages to curb copyright and trademark infringements. The researchers said this “classifier” will be made publicly available for research purposes in the future.
