Beware! While Enjoying Movies With Subtitles Files – Your Computer Can Hack
By Prempal Singh
Do you really watch movies with subtitles?
You peoples are unaware that a little subtitles file could hand over full control of your computer to the hackers while watching the movie.
A team of experts at Check Point has uncovered vulnerabilities in four of the most popular media player applications, that can be exploited by hackers to hijack “any type of device via vulnerabilities, whether it is a PC, a smart TV, or a mobile device” with malicious codes inserted into the subtitle files.
“We have now uncovered harmful subtitles could be created and delivered to a lot of devices automatically, bypassing security software and giving the attacker full control of the infected device and the information it holds, he added.
These four vulnerable media players (mentioned below) have been downloaded more than 220, 000, 000 times:
- VLC — Popular VideoLAN Media Player — Popular VideoLAN Media Player
- Kodi (XBMC) — Open-Source Media Software
- Popcorn Time — Software to watch Movies and TV shows instantly
- Stremio — Video Streaming App for Videos, Movies, TV series and TV channels
The vulnerabilities stay in the way various media players process caption files and if used successfully, could put hundreds of millions of users at risk of getting hacked.
As soon as the media player decompose those malicious subtitles data files before displaying the genuine subtitles on your display screen, the hackers are approved full control of your computer or Smart TV on which you operated those files.
Since text-based subtitles for movies and TV shows are created by writers and then uploaded to Internet stores, like OpenSubtitles and SubDB, hackers could also create malicious text files for same Television shows and videos.
“Our researchers were able to show that by manipulating the website’s rating algorithm, we could ensure crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the whole subtitle supply string, without resorting to a person in the Middle attack or requiring user connection, ” CheckPoint researchers said.
The researchers assume that similar security vulnerabilities also can be found in other streaming media players.
How to Protect Your Computer from Hackers?
Check Point has already informed the programmers of VLC, Kodi, popcorn Time and Stremio applications about the recently uncovered vulnerabilities.”To allow the developers {additional time|more hours} to {treat|talk about|addresses} the vulnerabilities, we’ve {made the decision|determined|made a decision} not to publish any further technical details at this point, ” the researchers said.
“To allow the developers additional time to addresses the vulnerabilities, we’ve determined not to publish any further technical details at this point, ” the researchers said.
All of them have patched the flaws, with Stremio and VLC releasing the patched versions with their software: Stremi 4. 0 and VLC 2.2.5 that has been out for 2 weeks.
However, Kodi programmer Martijn Kaijser said the official version 17. 2 release would arrive later this week, while users could get a set version online. A spot for Popcorn Time is available too online.
Consequently, users are encouraged to update their media player as soon as possible.
Source: thehackernews.com