Lost in translation or hacked in translation? Subtitles with VLC, Kodi or someone else player; Καλύτερα να προσέχετε από πού κατεβάζετε τους υπότιτλους σας (subtitles): Αποδεικνύεται ότι οι εισβολείς μπορούν να μολύνουν υπότιτλους (subtitles) με κακόβουλο κώδικα για να εκμεταλλευτούν ευπάθειες σε δημοφιλή media players and take control of your device.
Researchers from the security firm Check Point have discovered an unusual attack, which relies on the hidden logintreatment κακόβουλου λογισμικού σε αρχεία υποτίτλων. Η λίστα με τους ευπαθείς players συμπεριλαμβάνει μέχρι τώρα δημοφιλείς εφαρμογές όπως τις: VLC, Kodi, P Time and Stremio.
According to their findings, security experts estimate that there are about 200 millions streamers running vulnerable software, making this particular attack "one of the most widespread" at the moment.
Check Point provides a PoC that shows how remote code execution can take place in Popcorn Time and Kodi (you will find it at the end of the publication).
What makes the attack particularly important is that many of the media players involved as well as users consider subtitle repositories as a "reliable source".
In addition, Check Point warns that antivirus software and other similar security alternatives often interpret subtitles as "benign text files" and check them without attempting to carefully evaluate their nature.
"The attack is largely based on the poor security situation that exists in the way some media players process subtitles, but also the large number of subtitle formats. Initially, there are over 25 forms of subtitles that we use, each with unique features and capabilities ", says the article on their blog.
Since then, Check Point has informed the major media developers affected. Unfortunately, while some issues have already been corrected, there are others that still make the software vulnerable to this kind of attack. For this reason, the security company decided not to reveal further technical details to prevent further attacks.
Until then: Better avoid popular subtitle repositories.