- EVPAD illegally provided 24,934 titles to a massive global audience via 78 servers
- Researchers from the University of Korea discovered 131,175 users connected to the secret EVPAD infrastructure
- DNS domains hard-coded in the applications gave investigators a key blocking method
Illegal streaming platforms have steadily become more sophisticated, using new technologies to distribute copyright-protected content worldwide.
Unlike earlier websites, which were easily shut down by blocking their domains, many services today adopt peer-to-peer architectures and even hardware devices to hide their operations.
A recent study presented at the USENIX Security Symposium by a group of researchers from the University of Korea examined one of the most widely used illegal VOD streaming systems, known as EVPAD.
How EVPAD worked as a global piracy service
This system illegally provided access to 1,260 channels from 18 countries, including content from local broadcasts, Netflix and Disney+.
Through detailed analysis, the researchers found that the service offered 24,934 titles, ranging from films to television series, and had a user base of 131,175 accounts.
They also identified 78 servers supporting the platform, many of which were hosted in data centers abroad.
EVPAD used peer-to-peer libraries to distribute live broadcasts, video-on-demand material and pre-recorded content.
By integrating these functions into set-top boxes, the service created an environment where users could stream without paying regular subscription fees.
Although some users may believe that they are accessing collections similar to free stock video libraries, the reality is that a large part of the material is taken without authorization from paid platforms.
This structure mirrored aspects of legitimate video hosting platforms, but without the necessary license agreements.
Once installed, the devices bypassed traditional free video players by connecting directly to hidden networks that shared content across regions.
The combination of peer-to-peer distribution and cloud-based servers allowed rapid sharing while minimizing the exposure of the central operators.
By reverse engineering the service's Android applications, the team discovered how authentication, server lists and peer links were managed.
They intercepted communication between devices and servers, revealing that key DNS domains were hard-coded in the applications.
This observation allowed them to propose a takedown method based on blocking these domains at the level of internet service providers.
Because the applications required these addresses to work, cutting them off would immediately disrupt live and on-demand streaming.
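The domain-blocking approach described above can be sketched as follows. This is an added example, not code from the study or from EVPAD: it assumes the strings have already been dumped from a decompiled app, and the sample strings, the `.test` domain names and the allowlist are all constructed for illustration. The output uses BIND response policy zone (RPZ) records, where `CNAME .` answers NXDOMAIN.

```python
import re

# Constructed sample of strings dumped from a decompiled app (not real data).
SAMPLE_STRINGS = [
    'String AUTH = "https://auth.stream-example.test/login";',
    'private static final String PEERS = "tracker.p2p-example.test:9000";',
    'Uri.parse("https://www.googleapis.com/auth/userinfo")',
    'String cdn = "http://AUTH.stream-example.test/list";',
    'String hb = "http://203.0.113.7:8080/hb";',
    'version = "1.2.3"; file = "config.json";',
]

# A host counts only after a URL scheme or before a :port, so file names
# such as config.json and version strings are not mistaken for domains.
HOST_RE = re.compile(
    r"(?:[a-z][a-z0-9+.-]*://([a-z0-9.-]+))"
    r"|(?:\b([a-z0-9-]+(?:\.[a-z0-9-]+)+):\d{2,5}\b)",
    re.IGNORECASE,
)

# Assumption: shared platform domains that must never be blocked.
ALLOWLIST = {"googleapis.com", "android.com"}


def is_allowed(host, allow=ALLOWLIST):
    """True if host is an allowlisted domain or one of its subdomains."""
    return any(host == a or host.endswith("." + a) for a in allow)


def extract_domains(strings, allow=ALLOWLIST):
    """Return the sorted, de-duplicated hard-coded domains worth reviewing."""
    found = set()
    for s in strings:
        for m in HOST_RE.finditer(s):
            host = (m.group(1) or m.group(2)).lower().strip(".")
            labels = host.split(".")
            if len(labels) < 2 or not labels[-1].isalpha():
                continue  # IP literals and single labels are not DNS-blockable
            if not is_allowed(host, allow):
                found.add(host)
    return sorted(found)


def to_rpz(domains):
    """Emit RPZ records that return NXDOMAIN for each domain and subdomain."""
    lines = []
    for d in domains:
        lines += [f"{d} CNAME .", f"*.{d} CNAME ."]
    return lines
```

Hosts reached by IP literal are skipped on purpose, since DNS-level blocking cannot affect them and they need a separate control.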
Beyond domain blocking, the researchers tested a second approach directly targeting the peer-to-peer (P2P) system.
By exploiting weaknesses in the way the devices exchanged data, they demonstrated that it was possible to launch a Sybil attack.
In this scenario, many fake peers are introduced into the network, overwhelming or deceiving real nodes.
During their tests, a single crafted packet was sufficient to crash the streaming service on an EVPAD device.
Although these strategies disrupted operations during tests, the study stressed that they are not permanent solutions.
Operators can issue new software versions or register new domains, restoring access within a few days.
However, the takedown showed that technical interventions, when combined with legal cooperation, can weaken large-scale piracy networks.