Hackers are hiding computer viruses in film subtitles, security experts warn
Hackers are hiding computer viruses in film subtitles,
security experts warn
By James Titcomb 25 MAY 2017 • 8:55AM
Hackers can hide computer viruses in online video
subtitles and use them to take control of computers, security experts have
warned.
The attacks are embedded within the subtitle files that
accompany many illegally downloaded films, and easily bypass security software
and antivirus programs designed to keep computers safe.
Check Point, the security group that discovered the flaw,
said millions of people who use video software including to stream or play
films and TV shows on computers could be at risk.
They warned that the attack lets hackers take
"complete control" over any type of device using the software,
including smart TVs. It identified four programs - VLC, Kodi, Popcorn Time and
Stremio - but said there could be more.
"We estimate there are approximately 200 million
video players and streamers that currently run the vulnerable software, making
this one of the most widespread, easily accessed and zero-resistance
vulnerabilities reported in recent years," they said.
Many videos do not come with their own subtitles, but
computer media players often automatically download special files from a
central online repository. Because they
are perceived as harmless text files and use a variety of different formats,
the software does not check them for viruses.
However, Check Point showed it was possible to include
debilitating computer viruses within the files that are activated as soon as
subtitles are switched on. They were also able to manipulate the rankings on
opensubtitles.org, the popular online database, so that video software would
automatically download the virus-filled files.
"This method requires little or no deliberate action
on the part of the user, making it all the more dangerous," the
researchers said.
VLC, Popcorn Time and Kodi are commonly used to stream or
download pirated films, as well as those from legitimate sources. They could be
breached when run on smart TVs and mobile devices as well as PCs.
Check Point warned that once attackers took control of a
system, they could steal files or demand a ransom from victims. "The
potential damage the attacker can inflict is endless, ranging anywhere from
stealing sensitive information, installing ransomware, mass denial of service
attacks, and much more," they said.
VLC, Kodi, Popcorn Time and Stremio said they had
developed patches to protect against the attack, although many users will not
have updated to the latest software. The latest versions of the software are
available to download on their websites.
Comments
Post a Comment