Using free livestreaming websites to watch sports and other events online may expose you to various security risks such as malware infections, personal data theft and scams, a new study has warned.
The study from Katholieke Universiteit Leuven (KU Leuven) in Belgium and Stony Brook University in the US also found that as much as 50 per cent of the video overlay ads on free livestreaming websites are malicious.
Many users of free livestreaming websites may be aware that the video content on these websites is typically streamed without the content owner’s consent, researchers said.
What they often underestimate, however, is the security risk that comes with watching these videos.
Users may get their personal devices infected with malware, or they may be the victim of personal data theft and financial scams.
“Until now, free livestreaming services (FLIS) have mostly been analysed from a legal perspective. Our study is the first to quantify the security risk of using these services,” said M Zubair Rafique from KU Leuven.
“We have assessed the impact of free livestreaming services on users. We also exposed the infrastructure of the FLIS ecosystem,” Rafique said.
The researchers built a semi-automated tool that helped them identify more than 23,000 free livestreaming websites, corresponding with over 5,600 domain names.
They then performed more than 850,000 visits to the identified FLIS domains and analysed more than 1 Terabyte of resulting traffic.
“It’s a public secret that the FLIS ecosystem is not averse to using deceptive techniques to make money from the millions of users who use their services to watch live (sport) events,” said Nick Nikiforakis from the Stony Brook University.
“One example is the use of malicious overlay ads, which cover the video player with fake ‘close’ buttons. When users click these buttons, they risk being exposed to malware,” Nikiforakis said.
“In addition to exposing numerous copyright and trademark infringements, we found that clicking on video overlay ads leads users to malware-hosting webpages in 50 per cent of the cases,” said Rafique.
“Most of these pages are made to look like the actual free livestreaming websites. That is how they try to get users to install malware: users are tricked into believing they need special software to watch the livestream,” he said.
“Google Chrome and Safari are more vulnerable to this approach than other browsers, because attackers tend to target the more popular web browsers,” Rafique added.