Video Subtitle Files for Media Players Can Be Used to Take Control of Any Device: Report

Video Subtitle Files for Media Players Can Be Used to Take Control of Any Device: Report
Highlights
  • Check Point researchers discovered the malicious subtitles
  • Researchers found popular media players like VLC and other infected
  • Fixed version for VLC, Kodi, Popcorn-Time and strem.io available
Advertisement

Researchers have claimed that popular media players are vulnerable to malicious subtitles files that could allow attackers to take control of any type of device. The researchers estimate that roughly 200 million video players and online streamers are currently vulnerable to such an attack.

The researchers at Check Point say that the malicious subtitle files once downloaded for a media player use could help attackers "complete control over any type of device" via vulnerabilities found in many popular streaming platforms including VLC, Kodi, Popcorn-Time and strem.io.

Check Point researchers further explain, "Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user's media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker's malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous."

Unlike traditional attacks, movie subtitles is usually seen as a benign text file by the system which means antivirus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

Once the attacker takes control of the victim's device whether it is a computer, a smart TV, or a mobile device, the potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.

Check Point researchers tested and found vulnerabilities in four popular media players like VLC, Kodi, Popcorn Time and Stremio. The media players have received patches to avoid the attack by malicious subtitles, and users can download the fixes via the Check Point site.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Ketan Pratap
Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More
How Paytm Payments Bank Affects You: What You Need to Know
Google's AlphaGo DeepMind AI Beats Human Champion Ke Jie Again, Wins Series
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »