- EVPAD illegally provided 24,934 titles to a mass global audience through 78 servers
- Researchers at the University of Korea discovered 131,175 users connected to the secret infrastructure of Evpad
- DNS domains hard-coded in the applications gave researchers a key blocking method
Illegal streaming platforms have become more sophisticated, using new technologies to distribute copyrighted material on a global scale.
Unlike earlier websites that were easily shut down by blocking domains, many current services adopt peer-to-peer structures and even hardware-based devices to hide their operations.
A recent study presented at the USENIX Security Symposium by a group of researchers from the University of Korea examined one of the most commonly used illegal streaming systems, known as Evpad.
How Evpad operated as a global piracy service
This system illegally provided access to 1,260 channels from 18 countries, including local broadcast content, Netflix and Disney+.
Through a detailed analysis, the researchers found that the service offered 24,934 titles, ranging from films to television series, and had a user base of 131,175 accounts.
They also identified 78 servers that support the platform, many housed in data centers abroad.
Evpad used peer-to-peer libraries to distribute live streams, video on demand and pre-recorded content.
By integrating these functions into set-top boxes, the service created an environment where users could stream without paying regular subscription fees.
Although some users may believe that they are accessing collections similar to free stock video libraries, the reality is that much of the material is taken without authorization from paid platforms.
This structure mirrored aspects of legitimate video hosting platforms, but without the necessary licensing agreements.
Once installed, the devices bypassed traditional free video players by connecting directly to hidden networks that shared material across regions.
The combination of peers and cloud-based servers allowed rapid exchange while minimizing the exposure of the central operators.
By reverse engineering the service's Android applications, the team discovered how authentication, server lists and peer links were managed.
They intercepted communication between devices and servers, revealing that key DNS domains were hard-coded in the applications.
This finding allowed them to propose a takedown method based on blocking those domains at the level of Internet service providers.
Because the applications required these addresses to work, cutting them off would immediately interrupt both live broadcasts and on-demand streaming.
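The domain-blocking step described above, as an added example that is not from the original article or the study: it pulls host names out of string constants recovered from a decompiled app and turns them into DNS response policy zone (RPZ) records that make a resolver answer NXDOMAIN. The sample strings, host names, allowlist and TLD list are all constructed assumptions.

```python
import re

# Constructed sample of string constants from a decompiled app; every host
# name is a placeholder under a reserved TLD, not a value from the study.
SAMPLE_STRINGS = [
    "http://auth.service-a.example/login?dev=%s",
    "https://epg.service-a.example:8443/list",
    "tracker.p2p-b.test",
    "https://fonts.googleapis.com/css",
    "com.android.vending",   # package name, not a host
    "version 2.1.0",
]
ALLOWLIST = {"googleapis.com"}           # assumption: shared hosts left unblocked
KNOWN_TLDS = {"example", "test", "com"}  # assumption: toy list; use a public-suffix list

# Optional scheme, dotted host name, optional port, optional path or query.
HOST_RE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?::\d+)?(?:[/?].*)?$",
    re.IGNORECASE,
)

def hardcoded_domains(strings):
    """Return the sorted set of blockable domains found in the strings."""
    found = set()
    for s in strings:
        m = HOST_RE.match(s.strip())
        if not m:
            continue
        labels = m.group(1).lower().split(".")
        if labels[-1] not in KNOWN_TLDS:   # drops package names and version numbers
            continue
        domain = ".".join(labels[-2:])     # assumption: block the parent domain
        if domain not in ALLOWLIST:
            found.add(domain)
    return sorted(found)

def rpz_records(domains):
    """RPZ policy lines: 'CNAME .' makes the resolver answer NXDOMAIN."""
    records = []
    for d in domains:
        records += [f"{d} CNAME .", f"*.{d} CNAME ."]  # the name and all subdomains
    return records

if __name__ == "__main__":
    print("\n".join(rpz_records(hardcoded_domains(SAMPLE_STRINGS))))
```

The allowlist matters because an application can embed shared third-party hosts, and blocking those at a resolver would affect unrelated services.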
Beyond domain blocking, the researchers tested a second approach aimed directly at the peer-to-peer (P2P) system.
By exploiting weaknesses in the way the devices exchanged data, they demonstrated that it was possible to launch a Sybil attack.
In this scenario, many fake peers are introduced into the network, overwhelming or deceiving real nodes.
During their tests, a single crafted packet was enough to block the streaming service on an Evpad device.
While these strategies disrupted operations during the tests, the study emphasized that they are not permanent solutions.
Operators can release new software versions or register new domains, restoring access within days.
Even so, the takedown showed that technical interventions, when combined with legal cooperation, can weaken large-scale piracy networks.