Hackers are hiding computer viruses in film subtitles, security experts warn

By James Titcomb 25 MAY 2017 • 8:55AM

Hackers can hide computer viruses in online video subtitles and use them to take control of computers, security experts have warned.

The attacks are embedded within the subtitle files that accompany many illegally downloaded films, and easily bypass security software and antivirus programs designed to keep computers safe.

Check Point, the security group that discovered the flaw, said millions of people who use video software to stream or play films and TV shows on computers could be at risk.

The company warned that the attack lets hackers take "complete control" over any type of device using the software, including smart TVs. It identified four programs - VLC, Kodi, Popcorn Time and Stremio - but said there could be more.

"We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years," they said.

Many videos do not come with their own subtitles, but computer media players often automatically download special files from a central online repository. Because they are perceived as harmless text files and use a variety of different formats, the software does not check them for viruses.

However, Check Point showed it was possible to include debilitating computer viruses within the files that are activated as soon as subtitles are switched on. They were also able to manipulate the rankings on opensubtitles.org, the popular online database, so that video software would automatically download the virus-filled files.

"This method requires little or no deliberate action on the part of the user, making it all the more dangerous," the researchers said.

VLC, Popcorn Time and Kodi are commonly used to stream or download pirated films, as well as those from legitimate sources. They could be breached when run on smart TVs and mobile devices as well as PCs.

Check Point warned that once attackers took control of a system, they could steal files or demand a ransom from victims. "The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass denial of service attacks, and much more," they said.

VLC, Kodi, Popcorn Time and Stremio said they had developed patches to protect against the attack, although many users will not have updated to the latest software. The latest versions of the software are available to download on their websites.

