Hackers have found a way to infect devices running video streaming software using malicious subtitle files.
(CCM) — 200 million people risk having their devices taken over by hackers after downloading malicious movie subtitle files, security researchers at Check Point Software Technologies have discovered. Those at risk include anyone running popular streaming platforms including Kodi, VLC, Popcorn Time, and Strem.io. Downloading a maliciously-crafted subtitle can result in the hackers gaining complete control over many types of devices including smart TVs, PCs, and mobile devices. "The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass denial of service attacks, and much more," the researchers said.
The maliciously-crafted subtitle files are spread through shared online repositories, such as OpenSubtitles.org, which index and rank movie subtitles. Since some media players download subtitles automatically, this makes it easy for attackers to infect users' devices.
Until now, security firms have treated subtitle files as harmless. As a result, most users, anti-virus software, and other security products, do not usually examine them closely before allowing them on to devices.
Kodi, VLC, and Strem.io have all updated their software to fix the issue, and the new versions can be downloaded from their respective web sites. Popcorn Time has also created a fixed version, but this is not yet available for download from its site.
Image: © klenger - Shutterstock.com