Just when you thought you were safe from hackers, yet another method for gaining access to your computer is discovered – subtitles.
Subtitles, you say? The text that shows at the bottom of a screen for foreign movies?
Researchers have recently discovered a new attack method that allows for hackers to gain access to PCs, mobile devices, and smart TVs via malicious subtitles. Four of the most popular media players on the market – Stremio, Popcorn Time, Kodi, and VLC are at risk. This means that there are hundreds of millions of devices that are susceptible to subtitle hacking.
Hackers are able to create malicious subtitles and essentially bypass any security software on a device, giving the attacker complete control of the device and the data it contains.
Film and TV show subtitles are created by writers and they are uploaded to repository sites online such as OpenSubtitles.org. These files are then indexed and ranked. The problem arises when hackers infiltrate these repositories algorithms to convince device media players to download the malicious subtitles.
Researchers who discovered the hack have alerted developers of the media players that are vulnerable. Some issues have already been addressed while others are still being investigated.
Security researchers encourage all users to be vigilant on updating their streaming players to the latest versions of software possible.
Because all subtitles are typically perceived as benign text files, anti-virus software and security measures are unable to vet malicious files before being downloaded by victims.
It is estimated that there are over 200 million video players that currently run the vulnerable software. The video below illustrates how attackers are able to manipulate subtitles to control your machine.