Lost in translation or hacked in the translation? Subtitles with VLC, Kodi or another player? Better be careful where you download your subtitles from: It turns out that attackers can infect subtitles with malicious code to exploit vulnerabilities in popular media players and take control of your device.
Researchers from security firm Check Point have discovered an unusual attack, which relies on stealthily injecting malware into archives subtitles. The list of vulnerable players includes so far popular ones applications such as: VLC, Kodi, Popcorn Time and Stremio.
According to their findings, security experts estimate that there are about 200 million streamers running vulnerable software, making this attack "one of the most widespread" at the moment.
Check Point provides a PoC that shows how remote code execution can take place in Popcorn Time and Kodi (you will find it at the end of the publication).
What makes the attack particularly important is that many of the media players involved as well as users consider subtitle repositories as a "reliable source".
Additionally, Check Point warns that the software protectionAnti-virus and other similar security alternatives often interpret subtitles as "benign text files" and scan them without trying to carefully assess their nature.
"The attack is largely based on the poor security situation that exists in the way some media players process subtitles, but also the large number of subtitle formats. Initially, there are over 25 forms of subtitles that we use, each with unique features and capabilities ", says the article on their blog.
Since then, Check Point has informed the major media developers affected. Unfortunately, while some issues have already been corrected, there are others that still make the software vulnerable to this kind of attack. For this reason, the security company decided not to reveal further technical details to prevent further attacks.
Until then: Better avoid popular subtitle repositories.
