Movie studios leave doors to cyber attacks open

Movie studios leave doors to cyber attacks open

Research finds holes in production software.

Vulnerabilities in movie-making software mean studios risk their films reaching the internet before their official releases, according to research by is a division of Dimension Data which focuses on security research and development.

Senior security consultant, Nick Freeman, analysed production software used by Hollywood top grossers like Iron Man 2 and Avatar.

“Within an hour of installing Avid Media Composer, I had identified a remotely exploitable vulnerability. I was suprised at how easy it was to exploit,” says Freeman.

Freeman discovered there are security vulnerabilities in software from across the film-making process, including script writing and post-production software.

He demonstrates a scenario where he leverages access to separate layers of a studio’s network to exploit bugs in software such as Final Draft (script writing), StoryBoard Quick (storyboarding), and Muster (render farm management).

Freeman notified the different software vendors about the potential vulnerabilities, but says he was suprised by the lack of response.

He said he attributed this to the vendor’s commercial interests.

“I was told that speed to market and features were more important to their customers. I suspect if the stakeholders of the films understood the risk, security would be higher on their list of priorities.”

Freeman has since posted advisory information about the vulnerabilities on the website.

“I am hoping that by exposing these issues, the studios will be aware of these open doors.”

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments