Hack Attack by Subtitles Threatens Millions of Users Worldwide
If there wasn't enough to worry about already, hackers have now figured out a way to attack computers though the subtitles in videos. The new vulnerability allows remote attackers to take complete control of machines using malicious subtitle files, including those commonly used with video applications and systems such as VLC, Kodi (XBMC), Popcorn-Time, and strem.io.
The problem is so widespread among so many different video playback tools that the number of potentially vulnerable machines could be as high as 200 million worldwide, according to Check Point Software Technologies, the security company whose researchers first discovered the issue.
An Open Door
This particular method of mounting an attack seems especially insidious because it can be executed so easily. Hackers can take complete control over the entire subtitle supply chain without resorting to man-in-the-middle attacks or requiring any user interaction. Other attacks require that hackers intercept network traffic between two parties, convince users to visit malicious Web pages or download malicious code.
That is not the case here. Instead, the attack is launched though the use of a malicious subtitle file, such as a .srt file, crafted by the hacker. The malicious file can then be uploaded to one of a number of free subtitle repositories such as OpenSubtitles.org. Oftentimes, there may be multiple files with different versions of the subtitles stored on the repositories. In that case, the repositories will rank the different files in order of perceived quality.
But the researchers from Check Point found that they were able to manipulate the ranking algorithms used by these repositories, allowing them to ensure that their malicious file would receive the highest ranking. That is important not only because many users rely on those rankings to decide which files to download, but many platforms automatically download subtitle files and use the repositories' ranking systems to choose which to download.
Too Many Formats
One of the main problems is that subtitle files are usually viewed as simple -- and benign -- text files, which means they don't often receive the same level of vetting from antivirus programs as other files user might download. In addition, there are more than 25 different types of subtitle formats in existence, making it difficult for video apps to correctly identify whether particular files are malicious.
At the same time, the large number of video players on the market adds to the challenge of developing a coordinated set of tools to combat the problem. Once users load the subtitle files into their video players, the attack is launched. Once loaded, the malicious files could deliver almost any kind of payload, including ransomware, or steal sensitive information from users' computers.
Although Check Point has only tested four video apps for the vulnerability, the company said many more video players could also be affected.