Most of us use media players, regularly isn’t it? But now this too is associated with risk. Video subtitle hack, a new attack route threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio is on its way. Researchers for Check Point revealed a new exploit which allows the hackers to use subtitles as one sneaky way to take over your device. The hackers, by creating malicious subtitle files for films and TV programs, can potentially take complete control of any device running the vulnerable platforms, as such things are downloaded by viewers.
Check Point Writes,
“The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more”
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
How Can The Hacker Use Malicious Subtitles To Gain Access To Your PC or Tablet?
1. Handling Subtitles Is Tricky
According to Check Point researchers, the media player developers haven’t really devoted enough time to ensure the safety of subtitles. These subtitles are available in a wide number of formats, and handling them can be very tricky.
Omri Herscovici, vulnerability research team leader at Check Point says,
“The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers”
2. All Devices Are At Risk
Media players can become compromised when they try to load a subtitle file. Malicious subtitles can include code which can give total control of your system to the hackers. PCs, smart TVs, mobile devices and tablets all are at risk of subtitle hack.
3. Subtitles Are Overlooked By Antivirus Software’s
Subtitles are considered to be simple text files by leading antivirus software. Hence these are easily overlooked during real-time scans.
Check Point says:
“These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user”
Video Subtitle Hack – Check Out A Video
How Many Users Are Affected?
Over 200 million users are susceptible to subtitle hack. VLC alone has 170 million users with other 40 million users consumed by Kodi.
How To Be Safe?
Fortunately, after being warned to the subtitles hack, the developers of popular media player like, Popcorn Time, Kodi, VLC and Stremio all have released updates incorporating its fix. So, if you haven’t updated your software, its time you immediately do it.
Date: 24 May, 2017