Story image

Hackers target subtitle files in major media players - including VLC

29 May 17

If you use media players such as VLC, Kodi, Popcorn-Time and strem.io, chances are your device has a vulnerability that allows cyber attackers to create malicious subtitle files, which are then downloaded directly to your media player.

Check Point researchers discovered the vulnerability last week, with estimates that around 200 million video players are at risk. They're calling it one of the most widespread, easily-accessed and zero-resistance vulnerabilities in years.

The attack works by using subtitle databases that are trusted by both users and media players by default. Those databases such as OpenSubtitles.org can also host malicious content, which is then given false trust rankings to boost it to the top of the list. Users just need to download the top results and immediately the payload is delivered as the media player downloads the infected subtitles.

Attackers can then take control of victims' machines, whether that machine is a PC, mobile device or smart TV. They could then install malware, steal sensitive information or conduct mass DoS attacks.

"Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk," Check Point's blog says.

Researchers believe that it shows how flawed media players are when it comes to security and subtitle file processing. Subtitle formats number more than 25, and each format comes with different features. They state that media players often use many different formats to stitch together subtitle files, which means there are massive holes in each kind of software.

Researchers also state that VLC has reached more than 170 million downloads and Kodi (XBMC) has more than 10 million. Potential victims could also in the hundreds of millions if the software isn't patched.

While researchers haven't tested other media players, they suspect similar holes will also exist. Since Check Point disclosed the vulnerabilities, VLC, Kodi, Stremio have made updated versions available on their website. PopcornTime has also created a fixed version.

How does the attack work? Find out more in the video below.

Australian businesses get serious about SD-WAN
"SD-WAN is doing to enterprise networks what virtualisation did to enterprise data centres almost a decade ago, but it's happening much faster."
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
White box losing out to brands in 100 GE switching market
H3C, Cisco and Huawei have all gained share in the growing competition in the data centre switching market.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
How Fujitsu aims to tackle digitalisation and the data that comes with it
Fujitsu CELSIUS workstations aim to be the ideal platform for accelerating innovation and data-rich design.
Genesys PureCloud generates triple-digit revenue growth year on year
In Australia and New Zealand, the company boosted PureCloud revenue by nearly 100%.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.