- Indian researchers prove that it’s possible to figure out viewer choices on Netflix from encrypted traffic.
- The communication data between the viewer and Netflix servers is encrypted, but JSON files are identifiable.
- The viewer choices paint the picture of who they are, opening up exploitation potential against them.
A group of five researchers from the Indian Institute of Technology in Madras has proven that Netflix is susceptible to side-channel attacks, which could potentially enable threat actors to infer information about the preferences of “Black Mirror: Bandersnatch” viewers. Bandersnatch incorporates a “choose-your-own-adventure” interactive system for the Black Mirror science fiction series, which allows Netflix viewers to choose what will happen next in the episode they are watching. Although Netflix applies TLS (Transport Layer Security) to this communication, and even though the video feed is delivered encrypted and compressed over HTTPS, the researchers have proven that these precautionary measures are still not enough.
So, why would anyone care about whether their Bandersnatch choices are leaked or not? Simply put, the choices we make in the series can be used for further analysis and the deduction of basic information that characterizes us and defines who we are. What is our affinity to violence? What is our political inclination? What are our food and music preferences? This type of data could be used for a broad spectrum of actions that relate to us, from targeted ad serving to social engineering and full-fledged exploitation.
The researchers suggest that Netflix should split or compress the JSON files so that eavesdroppers can no longer distinguish them. Whatever Netflix decides to do, if anything, this study goes to show that encrypting the traffic is not enough against a determined actor, and that platforms should pay more attention to the way they implement interactive data communication systems that ask for the users’ participation.
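The length leak and the suggested fix can be checked with a short script. This is an added example, not code from the researchers or from Netflix: the two JSON messages and their field names are constructed, the 22-byte per-record overhead assumes TLS 1.3 with AES-GCM, and padding each message to a fixed bucket before splitting is an assumption that goes beyond the article's "split or compress" wording.

```python
import json

# Assumed TLS 1.3 AES-GCM framing: 5-byte header + 1 content-type byte + 16-byte tag.
RECORD_OVERHEAD = 22

# Constructed sample messages; field names are hypothetical, not Netflix's format.
DEFAULT_CHOICE = {"event": "choice", "segment": "s12", "selected": "default"}
OTHER_CHOICE = {"event": "choice", "segment": "s12", "selected": "alternative",
                "context": {"timer_ms": 8450, "input": "remote",
                            "history": ["s3", "s7"]}}


def serialize(msg, bucket=None):
    """Encode msg as compact JSON; if bucket is set, pad to a multiple of it."""
    raw = json.dumps(msg, separators=(",", ":")).encode()
    if bucket:
        raw += b" " * (-len(raw) % bucket)  # trailing whitespace is still valid JSON
    return raw


def wire_trace(msg, bucket=None):
    """Record lengths a passive observer sees for one message.

    Encryption hides the bytes but not their count, so each record is
    plaintext length plus a constant overhead.
    """
    raw = serialize(msg, bucket)
    size = bucket or len(raw)  # no bucket: the whole message goes in one record
    return [len(raw[i:i + size]) + RECORD_OVERHEAD
            for i in range(0, len(raw), size)]


def distinguishable(messages, bucket=None):
    """True if any two messages produce different length traces on the wire."""
    return len({tuple(wire_trace(m, bucket)) for m in messages}) > 1


if __name__ == "__main__":
    msgs = [DEFAULT_CHOICE, OTHER_CHOICE]
    for bucket in (None, 64, 256):
        traces = [wire_trace(m, bucket) for m in msgs]
        print(f"bucket={bucket}: traces={traces} "
              f"distinguishable={distinguishable(msgs, bucket)}")
```

With a 64-byte bucket the two messages still differ in record count, so the bucket has to cover the largest message the client can send before the traces match.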