Hackers use subtitle files to take over computers
Published : 25 May 2017, 19:13
Millions of users worldwide are under threat from a new type of cyberattack, which means their computers might fall into hackers' complete takeover while enjoying foreign movies.
The crafted subtitle files would allow attackers to take "complete control" over any type of device via vulnerabilities found in many popular streaming platforms, Check Point, the world's largest pure-play security vendor, warned on Tuesday.
The virus could get access to users' digital devices while they are visiting a malicious website or running a malicious file on their computers.
Unlike traditional attack vectors, which security firms and users are widely aware of, the subtitles are, in practice, usually perceived as nothing more than benign text files. When anti-virus software vet them without trying to assess their real nature, hundreds of millions of PC, smart TV, and mobile device users will be exposed to the risk.
The report says the exploit is one of the "most widespread, easily accessed and zero-resistance vulnerability" in recent years. The worst scenarios include but are not limited to sensitive information theft, "ransomware" installation, or even mass Denial of Service attacks.
To date, researchers have tested and found vulnerabilities in some of the most prominent media players like VLC, Kodi, Popcorn Time and Stremio, and "have reasons" to believe they exist in other media players as well.
Media player developers are publishing the platform update to defend -- with some of the issues fixed and some still under investigation, the report says.