You’re probably asking, but how? Well it’s all to do with the subtitle files themselves and since they usually bypass security software it gives the attacks full control of the system.
So that was it in a nutshell. But going into detail, a team of researchers at Check Point Software Technologies discovered vulnerabilities in four of the most popular media player applications which can be hacked by attackers with malicious codes inserted into the subtitle files.
The four media players in question are:
- VLC
- Kodi
- Popcorn Time
- Stremio
Because subtitle files aren’t usually a security hazard, hackers have learnt to exploit them to infiltrate system devices. Whenever you begin to stream a video file with subtitles, the subtitles are download automatically, and 9 times out of 10 security software do not flag subtitle files as threats. Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities.
How does the attack form?
Attackers pose as subtitle writers and inject malicious code into the files which go unnoticed as the attacker uploads them to online repositories and manipulates the ranking algorithm in order to be grabbed by the trusted media players and subsequently downloaded by users.
Video demonstrating the hack:
How to protect yourself from this attack?
This week there have been updates from the four media players, all of which have said to have addressed the problem and patched the flaws. But who’s to say whether this method may still be exploited in the near future.