Hackers are hiding computer viruses in film subtitles to take control of devices


Millions of people may be at risk from a new method of hacking that infects devices with hidden computer viruses in the subtitles of online videos, according to security researchers.
Cybersecurity firm Check Point found that subtitle files for films and TV shows could be manipulated to allow hackers to take complete control over any type of device via vulnerabilities found in popular streaming platforms, including VLC, Popcorn-Time and Kodi.
“The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities,” says Omri Herscovici, vulnerability research team leader at Check Point, in an email to Newsweek .
“This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers.”
Subtitles appear over a confrontation scene between a South Korean (L) and North Korean soldier from a movie titled "Joint Security Area" at a theatre in Seoul August 22, 2000.LJW/CC
Herscovici says Check Point discovered malicious subtitles that could be delivered to millions of devices automatically, bypassing security software and giving the attacker full access to the data it holds.
The security firm estimates there are approximately 200 million video players and streamers that currently run the vulnerable software. A blog post describing the issue describes it as “one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.”
An infographic explains how hackers are able to take control of a victim's device though malicious subtitles.CHECK POINT
The cyberattack is delivered when media players load the subtitles, which are hidden in online subtitle repositories by the hackers. The media players, which draw from multiple subtitle formats to ensure a better user experience, perceive the subtitles as nothing more than benign text files.
“This means users, anti-virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to risk,” the blogpost states.
“The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”
Check Point disclosed the vulnerabilities to the media player companies, who released new software versions that incorporate a fix for the issue. “To protect themselves and minimize the risk of possible attacks, users should ensure they update their streaming players to the latest versions,” Herscovici added.

Comments

Post a Comment

Popular posts from this blog

Mark Zuckerberg returned and collected an honorary degree 13 years after dropping out from Harvard University.

Image
He returned to the Ivy League school to address its graduating class. The Facebook CEO began his speech telling students, “You accomplished something I never could.” Zuckerberg had enrolled in Harvard College in 2002 and dropped out after two years without completing his degree. The 33-year-old had launched the social media platform, which was then known as “Thefacebook”, in his Harvard dorm room in 2004 where he also met Priscilla Chan. He made a 24-minute video from the Harvard dorm room and addressed while looking visibly excited. His parents also showed up to the school to help him pack up his belongings, and his friends threw him a goodbye party as well. Zuckerberg, who like the graduates is a millennial, started Facebook in his dorm room in 2004. What began as a closed networking site for Harvard students is now a global communications force with nearly 2 billion members. Zuckerberg follows another famous Harvard dropout, Bill Gates, who spoke before its graduates
Read more

'RHONY' Return to The Berkshires Where Luann Is Grilled About Tom

Image
The Real Housewives of New York returned to The Berkshires on Wednesday night's episode, and birthday girl Dorinda Medley took measures to ensure it wasn't a "shit show" like last year. Aside from a toppled birthday cake, growing tension between roommates Sonja Morgan and Tinsley Mortimer and rumors surrounding Tom D'Agostino's continued infidelity, the getaway was all tinsel and gingerbread men -- except it wasn't. "You never know what's gonna happen at The Berkshires," Bethenny Frankel told confessional cams. "You could put me in a house with Jack Nicholson in the middle of the Goddamn woods in a snowstorm with a maze attached to it, and I'll be more comfortable than coming to Dorinda's house in The Berkshires." Once Bethenny arrived, it was straight to closed quarters with Carole Radziwill, where the two discussed Luann D'Agostino's upcoming wedding and how to handle the rumors they've heard regarding
Read more