Stories
Slash Boxes
Comments

SoylentNews is people

Hackers Can Use Subtitles to Take Over Millions of Devices Running VLC, Kodi, Popcorn Time and Strem

posted by Fnord666 on Tuesday May 23 2017, @05:10PM   Printer-friendly
from the targeting-the-hard-of-hearing dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.

"The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers," said Omri Herscovici, vulnerability research team leader at Check Point.

The subtitles for films or TV shows are created by a wide range of subtitle writers, and uploaded to shared online repositories, such as OpenSubtitles.org, where they are indexed and ranked. Researchers also demonstrated that by manipulating the repositories' ranking algorithm, malicious subtitles can be automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain without user interaction.

Source: https://www.helpnetsecurity.com/2017/05/23/subtitle-hack/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hackers Can Use Subtitles to Take Over Millions of Devices Running VLC, Kodi, Popcorn Time and Strem | Log In/Create an Account | Top | 45 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by julian on Tuesday May 23 2017, @05:36PM (5 children)

    by julian (6003) on Tuesday May 23 2017, @05:36PM (#514409)

    I've almost finished my breadboard computer, which can neither be hacked nor perform practically useful work!

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Tuesday May 23 2017, @05:39PM

    by Anonymous Coward on Tuesday May 23 2017, @05:39PM (#514412)

    That's how the overlords keep the little people too busy to question the present order of things.

  • (Score: 2) by maxwell demon on Tuesday May 23 2017, @06:12PM (1 child)

    by maxwell demon (1608) on Tuesday May 23 2017, @06:12PM (#514434) Journal

    You think it cannot be hacked? Stand by while I'm fetching my axe … ;-)

    --
    The Tao of math: The numbers you can count are not the real numbers.

    • (Score: 1, Funny) by Anonymous Coward on Tuesday May 23 2017, @07:02PM

      by Anonymous Coward on Tuesday May 23 2017, @07:02PM (#514464)

      I see you've played breadboard-axey before!

  • (Score: 1) by Maskawanian on Tuesday May 23 2017, @08:11PM (1 child)

    by Maskawanian (5039) on Tuesday May 23 2017, @08:11PM (#514501)

    I'm enjoying watching it. Do you plan on connecting it up to your solar system in any way?

    Greetings from across the pond in Canada!

    • (Score: 0) by Anonymous Coward on Wednesday May 24 2017, @12:40PM

      by Anonymous Coward on Wednesday May 24 2017, @12:40PM (#514774)

      Do you plan on connecting it up to your solar system in any way?

      Well, that escalated quickly.