'Dangerous' hole discovered in Morpheus

Summary:Security experts warn MP3 fans that a security hole in the Morpheus file-sharing application could allow a malicious hacker to access a user's computer.

MP3 fans using the Morpheus file-swapping service risk having their personal details exposed online, according to security experts.

Morpheus in now the most popular file-swapping service on the Internet. The security hole means that the personal details of millions of people are now at risk of exposure. According to the Web site of MusicCity--the company that created Morpheus--more than nine million copies of the client have been downloaded.

MusicCity Networks could not be contacted for comment.

A new security hole has been discovered in the peer-to-peer file-sharing application, which allows a random list to be generated of people using the service. A malicious hacker could then access the computers of those users and copy files from anywhere on their hard disk. Usually, Morpheus only allows access to files placed in a specific folder, like other peer to peer file-sharing clients.

The privacy risk was reported to BBC News Online by a group of security experts, who are choosing to remain anonymous. They have described the exploit as "very dangerous", and have warned that this could make every Morpheus user's computer available to anyone who wants to access it.

The Morpheus peer-to-peer application allows users to search for digital media, such as music and videos, on the MusicCity network. The service also allows content providers to deploy third-party digital rights management technology to protect their copyright works. This protects the copyrights of artists involved, and has helped it to prevent a Napster-style shutdown.

Topics: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.