Evil subtitles can allow hackers to compromise your computer, and maybe your TV, while you watch movies.
Check Point security researchers announced a new attack vector that threatens millions of users around the world. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, hackers can compromise users’ devices via vulnerabilities found in popular media players like VLC, Kodi, Popcorn Time and Stremio. About 200 million video players and streamers currently run the vulnerable programs, making this attack one of the most widespread. Check Point security researchers believe that similar security flaws also exist in other media players.
The following video shows how victims can be hacked through evil (suspicious) subtitles when using one of the affected media players, where the hidden malicious code runs once the movie is played. On the right-hand side of the screen is the attacker’s computer, running the hacker operating system Kali Linux, which is waiting for the victim’s computer to connect to it.
Check Point researchers have already reported the vulnerabilities to the developers of the VLC, Kodi, Popcorn Time and Stremio applications. Users are recommended to update their media player software as soon as possible.