• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 5th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » Hackers have found a way to hijack your system through subtitles

Hackers have found a way to hijack your system through subtitles

May 24th, 2017 Jahanzaib Hassan Malware, Security 0 comments
Hackers have found a way to hijack your system through subtitles
Share on FacebookShare on Twitter

Check Point Software Technologies Ltd has revealed that its researchers have found a major attacking method in which hackers use vulnerabilities in media players which automatically download subtitles for various movies.

As such, some of the most well-known media players such as Kodi, VLC and Popcorn Time have been compromised as these players are configured to download subtitles from online subtitle repositories automatically.

So how does it work? 

Check Point reported that attackers usually make use of two hacking methods to hijack a system. They either coax users into clicking a link which activates malware or they trick users into downloading a file which contains the malware.

Nevertheless, a new method has just been discovered in which an attacker can easily exploit vulnerabilities in media players and inject malware through subtitles into the systems of those who use such media players to stream online content.

The problem here is that unlike traditional malware links and files, subtitle files are simply pieces of texts written in a way that makes it impossible for security experts, anti-virus software and users to identify whether the subtitle file has actually been compromised. In such a situation, it is only after an attack has been launched that the victim discovers that their security has been compromised.

The attack is usually done by exploiting certain vulnerabilities in media files which consider online subtitle repositories as trustworthy and reliable. However, attackers can easily manipulate such repositories and make the media players download the infected media files by toggling with the repository’s configuration.

According to CheckPoint’s blog post:

  • Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyber attack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous. Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files.

How does a media player select a subtitle file? 

The principal vulnerability lies in how a media player selects a subtitle file to download. As mentioned earlier, media players such as VLC, usually pick subtitle files automatically from online subtitle repositories which have over 25 different formats in which a subtitle file is stored.

However, in order to provide a better experience, the media players parse all of the different formats and this involves fragmented software which then gives rise to numerous flaws. It is these flaws that an attacker can exploit to launch an attack.

Furthermore, online repositories have a mechanism through which they rank different subtitle files created by various people. An attacker can manipulate the system into making his or her file rank first. Media players, on the other hand, usually select the files that have a high ranking and are therefore tricked into downloading files which have malware. Also, users who download subtitle files manually, may look for the highest-ranking file and thus get the one which has been infected.

What happens once the file is downloaded?

 After you download the infected file, the perpetrator can virtually take control of your entire machine and do whatever he or she wants; they can do anything from stealing your bank details to injecting harmful malware. Till now, VLC, Popcorn Time, Kodi and Stremio have been found to be affected by the attack.

Here’s the demo

Image Credit: Shutterstock/Thodonal88

  • Tags
  • hacking
  • internet
  • Malware
  • Privacy
  • security
  • VLC
  • Vulnerability
Facebook Twitter Google+ LinkedIn Pinterest
Previous article 386 WannaCry Ransomware and 26 EternalRocks Samples Discovered
Next article Samsung Galaxy S8’ iris scanner hacked using contact lens and photo
Jahanzaib Hassan

Jahanzaib Hassan

Related Posts
Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

Flawed Implementation of RCS Standard putting data of millions at risk

Flawed Implementation of RCS Standard putting data of millions at risk

This Smartwatch is exposing real-time location data of thousands of kids

This Smartwatch is exposing real-time location data of thousands of kids

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Surveillance

Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

50
Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors
Cyber Attacks

Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

121
Flawed Implementation of RCS Standard putting data of millions at risk
Security

Flawed Implementation of RCS Standard putting data of millions at risk

365
3 arrested, 30,000+ piracy sites shut down in global operation IOSX
News

3 arrested, 30,000+ piracy sites shut down in global operation IOSX

539

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us