Print Print    Close Close

PCs can be hacked via video subtitle files, researchers say

By , Brad Jones

Published June 01, 2017

Digital Trends
b2b7240a-POLAND

File photo. (REUTERS/Kacper Pempel)

Researchers at Check Point Security Labs have uncovered a nasty new hacking technique that takes advantage security deficiencies in several popular media players. The exploit uses phony subtitle files to breach a user's defenses, at which point it's possible togain complete control over the system.

Hackers can apparently create malicious subtitle files that run code when they're loaded into a media player, according to the report published by Check Point. The company estimates that hundreds of millions of users running software like VLC, Kodi, Popcorn Time, and Stremio could be at risk.

Subtitle files are generally perceived as being harmless, and as such they're rarelyvetted too stringently by media players or antivirus software. The situation is made worse by the fact that there's little standardization, with over 25 different formats with different features and capabilities currently in use.

Check Point has also determined that subtitle repositories are being manipulated to help distribute the malicious files to users. Subtitles submitted by attackers are having are being boosted in the rankings, making it more likely that they'll be downloaded by users, and selected by media players that can download such files automatically.

More From Digital Trends

  • Google's Project Zero finds Windows vulnerability, calls it 'crazy bad'
  • Pocket your favorite videos with our guide to downloading from YouTube
  • Most Android exploits mentioned in the Wikileaks dump have been patched

Having discovered these vulnerabilities, Check Point disclosed the problem to thedevelopers responsible for the media players that were tested. Some had already taken steps to address the issues, while others are still looking into the situation. As of the time of writing, VLC and Stremio have been officially updated with a fix, while a fixed version of Popcorn Time is available here, and a fixed source code release of Kodi is available here. There are still concerns that other media players might also be affected.

The key here is that subtitle files are being exploited becausethey're widely considered to be innocuous. As soon as users and developers drop their guard, malicious hackers see their window of opportunity and that's why the work done by organizations like Check Point is so important.

Print Print    Close Close

URL

https://www.foxnews.com/tech/pcs-can-be-hacked-via-video-subtitle-files-researchers-say

  • Home
  • Video
  • Politics
  • U.S.
  • Opinion
  • Entertainment
  • Tech
  • Science
  • Health
  • Travel
  • Lifestyle
  • World
  • Sports
  • Weather
  • Privacy
  • Terms

This material may not be published, broadcast, rewritten, or redistributed. © FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.Do Not Sell my Personal Information - New Terms of Use - FAQ