Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    US Government Seeks Medical Records of Trans Youth

    August 29, 2025

    Leak suggests new Philips Hue lights will have direct Matter support

    August 29, 2025

    Microsoft’s next annual update for Windows 11 is in Release Preview testing

    August 29, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data
    Security

    A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

    News RoomBy News RoomAugust 9, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Top streaming services like Netflix and Disney+ have made sustained investments over the years to lock their content down. Whenever they can, they prevent users from accessing videos without a subscription or watching region-blocked content. New findings presented today at the Defcon security conference in Las Vegas, though, indicate that streaming platforms used for things like internal corporate broadcasts and sports livestreams can contain basic design flaws that allow anyone to access a vast swath of content without logging in.

    Independent researcher Farzan Karimi first realized years ago that misconfigurations in application programming interfaces, or APIs, exposed streaming content to unauthorized access. In 2020 he disclosed a set of such flaws to Vimeo that could have allowed him to access close to 2,000 internal company meetings along with other types of livestreams. The company quickly fixed the issue at the time, but the finding left Karimi with concerns that similar problems could be lurking in other platforms.

    Years later, he realized that by refining a technique for mapping how APIs retrieve data and interact, he could look for other vulnerable platforms. At Defcon, Karimi is presenting findings about current exposures in one mainstream sports streaming platform—he is not naming the site because the issues are not yet resolved—and releasing a tool to help others identify the problem in additional sites.

    “For a company all hands or other sensitive meeting, there might be key internal information being shared—CEOs or other executives talking about layoffs or sensitive intellectual property,” Karimi told WIRED ahead of his conference talk. “You can see a bad pattern emerge in how easily you can circumvent authentication to access streams, but this class of issue was previously dismissed as requiring deep knowledge of a given business to identify.”

    APIs are services that fetch and return data to whoever requests it. Karimi gives the example that you can search for the movie Fight Club on a streaming platform, and the stream for the movie may come back with information about the length of the movie, trailers, actors in the movie, and other metadata. Multiple APIs work together to assemble all of this information with each fetching certain types of data. Similarly, if you search for Brad Pitt, a set of APIs will interact to deliver Fight Club along with other movies he’s starred in like Troy and Seven. Some of these APIs are designed to require proof of authentication before they will return results, but if a system hasn’t been scrutinized deeply, it is common for other APIs to blindly return data without requiring proof of authorization on the assumption that only an authenticated requestor will be in a position to send queries.

    “Often there are basically four, five, some number of APIs that have all this metadata, and if you know how to trace through them, you can unlock paywalled content for free,” Karimi says. “It’s a ‘security through obscurity’ model where they would never think that someone would be able to manually connect the dots between these APIs. The automation I’m introducing, though, helps find these authorization flaws quickly at scale.”

    Karimi emphasizes that top streaming services are largely locked down and either corrected such API misconfigurations long ago or avoided them from the start. But he emphasizes that more utilitarian platforms for corporate streaming and other live events—including always-on cameras in sports arenas and other venues that are meant to only be accessible at certain times—are likely vulnerable and exposing video that is thought to be protected.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleI’m Attending 7 Festivals This Year. This Is My Must-Have Gear
    Next Article The Vibes-Based Pricing of ‘Pro’ AI Software

    Related Posts

    US Government Seeks Medical Records of Trans Youth

    August 29, 2025

    Senate Probe Uncovers Allegations of Widespread Abuse in ICE Custody

    August 27, 2025

    Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

    August 27, 2025

    A Special Diamond Is the Key to a Fully Open Source Quantum Sensor

    August 25, 2025

    Data Brokers Face New Pressure for Hiding Opt-Out Pages From Google

    August 23, 2025

    493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds

    August 20, 2025
    Our Picks

    Leak suggests new Philips Hue lights will have direct Matter support

    August 29, 2025

    Microsoft’s next annual update for Windows 11 is in Release Preview testing

    August 29, 2025

    TikTok is now letting everyone DM each other with voice memos and pictures

    August 29, 2025

    Hisense’s take on the Samsung Frame TV is $300 off

    August 29, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Framework actually did it: I upgraded a laptop’s entire GPU in just three minutes

    By News RoomAugust 29, 2025

    Today, I can confirm the system actually works. I traveled to Framework’s San Francisco offices…

    The future of AI hardware isn’t one device — it’s an entire ecosystem

    August 29, 2025

    What’s really happening with the hires at Meta Superintelligence Labs

    August 29, 2025

    Lenovo leaks show concept laptop with rotating display

    August 29, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.