Pwning Opera Unite with Inferno’s Eleven

One of the Opera Internet browser’s older functions, which has now been phased out, was Opera Unite.  Opera Unite allowed a browser to act as both a client and a server, allowing a user to receive web content and present web content, using the same browser.

Although this feature was popular because it was easy for users to share music, photos, and other content; because of the exploits available Unite was phased out beginning with Opera version 12.

The first issue involved privacy, which was easily exploited within Unite.  User names were indexed and readily available, and IP addresses and port numbers were also obtainable.

It was also relatively easy for someone with evil intentions to embed Unite with malicious code.  This code could be disguised as software from a trusted source to trick the user into selecting a link or downloading a file.

Additionally, the Unite software’s file downloader was very susceptible to attack.

Finally, the password policy was not strong enough to prevent exploits by brute force attacks.

Thankfully, Opera phased out the Unite feature and as a result these exploits are no longer present.  This is a good reminder though to ensure you are not risking your privacy or sensitive information for the sake of convenience or speed with your software.

Leave a Comment