Vulnerabilities in media player can give hackers access to your computers and smart TV through innocuous video subtitles!
It is a common habit among all of us, particularly the younger generation to download movie subtitles from various websites to watch the movie. A recent study by the Checkpoint researchers has discovered software vulnerabilities in many of the popularly used media player applications. These vulnerabilities can be exploited by the hackers. The hackers insert malicious codes into the subtitles capable of taking over the control of any type of devices like Computers, Smart TV or mobile phones. These malicious subtitles can be automatically delivered to millions of devices, bypassing the security software and device protection.Below are the most vulnerable four media player applications:- VLC — Popular VideoLAN Media Player
- Kodi (XBMC) — Open-Source Media Software
- Popcorn Time — Software to watch Movies and TV shows instantly
- Stremio — Video Streaming App for Videos, Movies, TV series and TV channels
Researchers also believe that these type of cyber security vulnerabilities can exist in other media player applications also other than those mentioned above.A huge number of users can be at risk of the vulnerability is exploited successfully. It depends on how the subtitles are processed by the media player. Once exploited, before the original subtitles are displayed hackers will gain the complete control over the infected device.Subtitles are created by writers and uploaded to websites like OpenSubtitle, SubDB, Subscene, etc. Since it is quite a simple procedure, hackers also craft similar text subtitles for the respective movie and insert the malicious codes into it. The victims who download them will not be aware of such a brilliant trap."Our researchers were also able to show that by manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a Man in the Middle attack or requiring user interaction," CheckPoint researchers said.How to watch a movie with subtitles without betraying your PC?The media player developers have been informed by the Checkpoint researchers about the current discovery of security vulnerabilities via subtitles."To allow the developers more time to address the vulnerabilities, we’ve decided not to publish any further technical details at this point," the researchers said.Stremio and VLC player have launched their patched software versions - Stremio 4.0 and VLC 2.2.5. It is available since two weeks. Other media players have patched the security flaws and the patched version is available online. Newer versions will be launched in the future.All media player users are strictly advised to update the patched version ASAP to escape from the hackers. https://www.youtube.com/watch?time_continue=6&v=vYT_EGty_6A
