Video Subtitle Files for Media Players Can Be Used to Take Control of Any Device: Report

Share on Facebook Tweet Snapchat Share Reddit Comment
Video Subtitle Files for Media Players Can Be Used to Take Control of Any Device: Report
  • Check Point researchers discovered the malicious subtitles
  • Researchers found popular media players like VLC and other infected
  • Fixed version for VLC, Kodi, Popcorn-Time and available

Researchers have claimed that popular media players are vulnerable to malicious subtitles files that could allow attackers to take control of any type of device. The researchers estimate that roughly 200 million video players and online streamers are currently vulnerable to such an attack.

The researchers at Check Point say that the malicious subtitle files once downloaded for a media player use could help attackers "complete control over any type of device" via vulnerabilities found in many popular streaming platforms including VLC, Kodi, Popcorn-Time and

Check Point researchers further explain, "Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user's media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker's malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous."

Unlike traditional attacks, movie subtitles is usually seen as a benign text file by the system which means antivirus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

Once the attacker takes control of the victim's device whether it is a computer, a smart TV, or a mobile device, the potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.

Check Point researchers tested and found vulnerabilities in four popular media players like VLC, Kodi, Popcorn Time and Stremio. The media players have received patches to avoid the attack by malicious subtitles, and users can download the fixes via the Check Point site.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

How Paytm Payments Bank Affects You: What You Need to Know
Google's AlphaGo DeepMind AI Beats Human Champion Ke Jie Again, Wins Series

Related Stories




© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on