Categories: NewsSecurity

Netflix User Privacy is Vulnerable to Passive Traffic Analysis Attacks

US Academics are concerned over how Netflix users may be the victims of passive traffic analysis attacks. Even though the popular video streaming platform recently integrated HTTPS support, that measure will do little to protect users. In fact, any assailant can target a random user and capture their traffic. Doing so would give the assailant insight as to what users are watching, which is a direct invasion of privacy.

Spying On Netflix Users Is Troublesome

It appears Netflix users may be subject to passive traffic analysis attacks. While most people may not worry about an unknown assailant spying on their watching habits, it is not something that should be underestimated by any means. In fact, this should not even be possible, considering Netflix recently introduced an HTTPS upgrade for all video watching activity. Unfortunately, it appears this countermeasure will do little good.

The potential flaw was first discovered by West Point’s US Military Academy researchers. According to their findings, an assailant can easily find out what anyone is watching on Netflix at any given time. They also developed a proof of concept system which would prove the vulnerability is very real. Since Netflix delivers content over the TCP protocol, assailants could passively analyze traffic by looking at the TCP/IP headers.

As part of their research, the two researchers put together a database containing several thousand videos available on Netflix. They were able to determine which video is which with nearly 100% accuracy by using the passive traffic analysis method. It is impossible to be 100% accurate in this regard, a 99.99% success rate is nothing to sneeze at. Moreover, it appears this system works even better as more information is randomized.

It would appear two of the technologies used by Netflix to stream video make it possible for assailants to analyze platform traffic. Both technologies leak small portions of metadata every time a video is transmitted over the platform. Even though Netflix’s upgrade to HTTPS should prevent traffic analysis from happening, it appears that is not the case right now. Deep packet inspection is not possible, yet a passive traffic analysis attack can’t be prevented.

People may be wondering why this is such a big problem, as it seems impossible for attackers to do anything useful with the information. Exposing Netflix users’ privacy – inadvertently – is not something that should be overlooked by any means. The company acknowledges passive traffic analysis remains a big problem, yet they can’t do much about it when using HTTPS to stream video. Netflix takes consumer privacy very seriously, that much is certain.

It is also important to note this issue is not specific to Netflix by any means. Any video streaming platform relying on HTTPS will suffer from the same vulnerability. Streaming services should focus on solving these privacy-related issues as soon as possible. Doing so is much easier said than done, though. Rest assured Netflix and other companies will continue to look into possible solutions moving forward.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Recent Posts

Bitcoin Price Watch: Currency Rises to $6,600

At press time, the father of cryptocurrency is up by roughly $300 from yesterday, and is trading for over $6,600.…

4 hours ago

What Is Zombie Battleground?

Many projects have tried to bridge the gap between blockchain technology and trading card games. Some firms have been a…

5 hours ago

What Is the CoolWallet S?

Hardware wallets are an integral part of the cryptocurrency industry. They are an excellent way of keeping one's cryptocurrency portfolio…

6 hours ago

League of Legends PH Client Facilitated Cryptojacking Due to Modified Code

Popular online games have always been a prone target for criminals and hackers. Although these incidents are usually aimed at…

7 hours ago

What Is CoinMarketAlert?

Tracking cryptocurrency prices can be done in many ways. Most enthusiasts rely on various mobile or desktop applications to do…

8 hours ago

One Seemingly Useless Smart Contract Causes Major Ethereum Blockchain Bloat

Even though the Ethereum network is receiving some scaling upgrades, network issues still tend to pop up now and then.…

9 hours ago