Privacy News Beware! Subtitle Files Can Hack Your Computer While You're Enjoying Movies

W

worldless

Level 1
Thread author
Verified
Mar 28, 2017
21
Full article: Beware! Subtitle Files Can Hack Your Computer While You're Enjoying Movies
A team of researchers at Check Point has discovered vulnerabilities in four of the most popular media player applications, which can be exploited by hackers to hijack "any type of device via vulnerabilities; whether it is a PC, a smart TV, or a mobile device" with malicious codes inserted into the subtitle files.
[...]
These four vulnerable media players (mentioned below) have been downloaded more than 220 million times:
  • VLC — Popular VideoLAN Media Player
  • Kodi (XBMC) — Open-Source Media Software
  • Popcorn Time — Software to watch Movies and TV shows instantly
  • Stremio — Video Streaming App for Videos, Movies, TV series and TV channels
[...]
As soon as the media player parses those malicious subtitle files before displaying the actual subtitles on your screen, the hackers are granted full control of your computer or Smart TV on which you ran those files.
Click to expand...
 
  • Like
Reactions: Urusen, conceptualclarity, Der.Reisende and 9 others
cyberfort

cyberfort

Level 2
Verified
May 18, 2017
86
worldless said:
Full article: Beware! Subtitle Files Can Hack Your Computer While You're Enjoying Movies

Click to expand...

Can these steps protect us?

1. What if the movie and subtitle is downloaded and is watched in offline mode?

2. What if the player is sandboxed?

3. What if the connection is is encrypted with VPN?

4. What id DEP ( data execution prevention) is enabled in windows - How to: Enable / Disable Data Execution Protection in Windows 10 - Appuals.com

5. Android users - can good permission management help ?
 
  • Like
Reactions: Der.Reisende, Deletedmessiah, shmu26 and 2 others
D

Deleted member 178

cyberfort said:
Can these steps protect us?

1. What if the movie and subtitle is downloaded and is watched in offline mode?

2. What if the player is sandboxed?

3. What if the connection is is encrypted with VPN?

4. What id DEP ( data execution prevention) is enabled in windows - How to: Enable / Disable Data Execution Protection in Windows 10 - Appuals.com

5. Android users - can good permission management help ?
Click to expand...

1- yes
2-yes
3- No
4- probably
5- no idea, i dont use android
 
  • Like
Reactions: Andy Ful, Der.Reisende, Parsh and 5 others
Deletedmessiah

Deletedmessiah

Level 25
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
cyberfort said:
Can these steps protect us?

1. What if the movie and subtitle is downloaded and is watched in offline mode?

2. What if the player is sandboxed?

3. What if the connection is is encrypted with VPN?

4. What id DEP ( data execution prevention) is enabled in windows - How to: Enable / Disable Data Execution Protection in Windows 10 - Appuals.com

5. Android users - can good permission management help ?
Click to expand...
Android's a completely different system from Windows so the same hack probably won't affect it. Hackers would have to make separate exploit for Android with different codes.
 
  • Like
Reactions: frogboy
cyberfort

cyberfort

Level 2
Verified
May 18, 2017
86
Deletedmessiah said:
Android's a completely different system from Windows so the same hack probably won't affect it. Hackers would have to make separate exploit for Android with different codes.
Click to expand...
Yes i understand that
But if they do it with android app which have permission to control things like airdroid or androrat
Permission management could protect unless there is an exploit?
 
  • Like
Reactions: Deletedmessiah
Deletedmessiah

Deletedmessiah

Level 25
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
cyberfort said:
Yes i understand that
But if they do it with android app which have permission to control things like airdroid or androrat
Permission management could protect unless there is an exploit?
Click to expand...
Definitely. That'd put unpatched Android devices into risk. Which means most of the Android devices out there.
 
  • Like
Reactions: frogboy
D

Deleted member 178

cyberfort said:
Thank you for such a summarized informative answer

Would you like to add some points?
Click to expand...
in point 1 , you are not protected if you still use the weaponized subtitle, you just sever the link to the attacker, so anytime you goes online, the attack will resume.
 
  • Like
Reactions: Deletedmessiah
You must log in or register to reply here.

Similar threads

Prorootect
    • Like
Samsung's Sinister 'Mass Brainwashing' Technology Unveiled
Replies
0
Views
3,213
News Archive
Prorootect
Prorootect
Rengar
    • Like
On Sale! Cyber Week Software Deals
Replies
0
Views
3,246
Discounts and Deals
Rengar
Rengar
Logethica
    • Like
7 of the Riskiest Places on the Web
Replies
6
Views
2,152
News Archive
DardiM
DardiM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top