Security researchers: don't use BitTorrent Sync for sensitive data

BitTorrent Sync users should not use the service to share sensitive data, according to security researchers. During the security conference Hackito 2014 in Paris, the software was thoroughly analyzed and found not secure for sensitive data transfers.

BitTorrent Sync is a peer-to-peer file synchronization tool available for all major desktop and mobile operating systems. It can sync files between devices on a local network, or between remote devices over the Internet via distributed peer-to-peer technology. BitTorrent Inc. claims Sync is secure; as it states on its website, "files are never duplicated on to third party servers. Every connection is encrypted and secured against prying eyes."

During Hackito, the researchers found several vulnerabilities in the software, the most important one being that BitTorrent Inc., the developers of the software, can gain access to all shared data. That's possible because, according to the researchers, important information is leaked to getsync.com.

The researchers state that the initial releases of the software didn't have this vulnerability; the developers might have added it later as the result of National Security Letters (NSLs), which urge businesses to introduce a method to make data available to secret agencies.

Besides this issue, the researchers also found flaws in the mobile applications and web interface. The latter can be accessed without an encrypted connection and is vulnerable to clickjacking.
