Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn

Millions of people risk having their devices and systems compromised by malicious subtitles, according to a new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes and in some cases, working on it. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle 'attack vector' as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. "By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim's machine, whether it is a PC, a smart TV, or a mobile device," they write.

Look out for those bootleg Hungarian dubs!

[ToTheStars]

"Zis tabakonist is scratched. I weel not buy eet."

"My hovercraft is full of eels. Do you want to come back to my place, bouncy-bouncy?"

Of course, it's the German gag dub that's the real killer: "Wenn ist das Nunnstuck, git und Slotermayer..."

Re:Plain Text

[Merk42]

To begin with, there are over 25 subtitle formats in use, each with unique features and capabilities. Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method.

25?! Ridiculous!
We need to develop one universal standard that covers everyone's use cases.

Re:Plain Text

[itamihn]

https://xkcd.com/927/