Slashdot Mirror


Malicious Subtitles Threaten VLC, Kodi and Popcorn Time Users, Researchers Warn (torrentfreak.com)

Millions of people risk having their devices and systems compromised by malicious subtitles, according to new research published by security firm Check Point. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes or, in some cases, are still working on them. From a report: While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users. Researchers from Check Point, who uncovered the problem, describe the subtitle 'attack vector' as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. "By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim's machine, whether it is a PC, a smart TV, or a mobile device," they write.

2 of 126 comments

  1. Re:How to avoid these vulnerabilities by war4peace · Score: 4, Interesting

    What does this have to do with anything?
    I have bought a number of movies during the years, most of which did not have a readily-available Romanian subtitle at release. My wife doesn't speak English but understands it to some extent, the threshold being thick accents. Try to watch "Snatch" without subtitles, even in English, and you'll understand. "Doo ya leik dags?"

    I have a bunch of movies on DVDs which I can enjoy but she can't, so I either rip them to HDD or download the same movie online, then attach a subtitle to it. Now we can both enjoy the movie at its fullest.

    What I am doing is not piracy by any means, it's an extension of already existing features which I legally own the right to use.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  2. Re:Plain Text by Anonymous Coward · Score: 4, Interesting

    I remember when I wanted to get the subtitles off a Blu-ray, it was done via OCR. Support your .srt creating peeps, it's a pain in the ass.

    Might have something to do with font styles, alphabets and such. Easier to have it pre-rendered than text formatting logic in the players.