
This article was published on May 24, 2017


Attack by subtitles: Media player exploit grants hackers access to your system

Story by Mix, former TNW Writer

Mix is a tech writer based in Amsterdam that loves cinema and probably hates the movies that you like. Tell him everything you despise about his work on Twitter.

Better watch out where you download your subtitles from: It turns out attackers can infect subtitles with malicious code to exploit vulnerabilities in popular media players and take control of your device.

Researchers from security firm Check Point have discovered an unusual attack vector that relies on surreptitiously inserting malware in subtitle files to perform cyberattacks. The list of affected media players so far includes popular apps like VLC, Kodi, Popcorn Time and Stremio.

According to their findings, the security experts estimate there are approximately 200 million streamers running iterations of the vulnerable software, making this “one of the most widespread” attacks in recent memory.

Check Point has since recorded a demonstration to show how the remote code execution takes place in Popcorn Time and Kodi.

What makes the infection vector particularly compelling is that many of the affected media players and users treat subtitle repositories as a “trusted source.”

In addition, Check Point warns that anti-virus software and similar security alternatives often interpret subtitles as “benign text files” and vet them without trying to carefully assess their nature.

“The attack vector relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats. To begin with, there are over 25 subtitle formats in use, each with unique features and capabilities,” the blog post reads. “[T]his results in numerous distinct vulnerabilities.”

Check Point has since informed the most prominent affected media clients. Unfortunately, while some issues have already been eliminated, others are yet to be patched. For this reason, the security firm has decided not to reveal any further technical details to prevent further attacks.

Until then: Better steer clear of popular subtitle repositories – it might save you a lot of hassle.

Visit the Check Point blog to read the full bug report.
