Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 8 MINUTES AGO.
You are here: Home / Network Security / Subtitle Hack Threatens 200M Devices
Hack Attack by Subtitles Threatens Millions of Users Worldwide
Hack Attack by Subtitles Threatens Millions of Users Worldwide
By Jef Cozza / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
25
2017
If there wasn't enough to worry about already, hackers have now figured out a way to attack computers though the subtitles in videos. The new vulnerability allows remote attackers to take complete control of machines using malicious subtitle files, including those commonly used with video applications and systems such as VLC, Kodi (XBMC), Popcorn-Time, and strem.io.

The problem is so widespread among so many different video playback tools that the number of potentially vulnerable machines could be as high as 200 million worldwide, according to Check Point Software Technologies, the security company whose researchers first discovered the issue.

An Open Door

This particular method of mounting an attack seems especially insidious because it can be executed so easily. Hackers can take complete control over the entire subtitle supply chain without resorting to man-in-the-middle attacks or requiring any user interaction. Other attacks require that hackers intercept network traffic between two parties, convince users to visit malicious Web pages or download malicious code.

That is not the case here. Instead, the attack is launched though the use of a malicious subtitle file, such as a .srt file, crafted by the hacker. The malicious file can then be uploaded to one of a number of free subtitle repositories such as OpenSubtitles.org. Oftentimes, there may be multiple files with different versions of the subtitles stored on the repositories. In that case, the repositories will rank the different files in order of perceived quality.

But the researchers from Check Point found that they were able to manipulate the ranking algorithms used by these repositories, allowing them to ensure that their malicious file would receive the highest ranking. That is important not only because many users rely on those rankings to decide which files to download, but many platforms automatically download subtitle files and use the repositories' ranking systems to choose which to download.

Too Many Formats

One of the main problems is that subtitle files are usually viewed as simple -- and benign -- text files, which means they don't often receive the same level of vetting from antivirus programs as other files user might download. In addition, there are more than 25 different types of subtitle formats in existence, making it difficult for video apps to correctly identify whether particular files are malicious.

At the same time, the large number of video players on the market adds to the challenge of developing a coordinated set of tools to combat the problem. Once users load the subtitle files into their video players, the attack is launched. Once loaded, the malicious files could deliver almost any kind of payload, including ransomware, or steal sensitive information from users' computers.

Although Check Point has only tested four video apps for the vulnerability, the company said many more video players could also be affected.

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.