While using a media player to watch movies with subtitles, you’re probably at greater risk if you're prone to visiting numerous media sites that allow you to download subtitles for movies in various languages.
According to Check Point, an online security firm, hackers can take control of your PC, phone or streaming box through subtitles.
With subtitles repositories treated as trusted sources by media player; Check Point research has shown that the repositories can be manipulated, which results specific attacker’s malicious subtitles being served to users.
The attackers could also insert malicious code into the text files that facilitate the onscreen translations of your favorite foreign film.
And through the crafty malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io.
Check Point, however stated that no known exploitation of the flaws has been detected in the wild; but had actually pulled off the hack as a proof of concept. Albeit, they’ve posted links and instructions to help developers to resolve the flaws in their apps.
How hackers can take control of PC, phone or streaming box via subtitles
While using a media player to watch movies with subtitles, you’re probably at greater risk if you're prone to visiting numerous media sites that allow you to download subtitles for movies in various languages.
According to Check Point, an online security firm, hackers can take control of your PC, phone or streaming box through subtitles.
With subtitles repositories treated as trusted sources by media player; Check Point research has shown that the repositories can be manipulated, which results specific attacker’s malicious subtitles being served to users.
The attackers could also insert malicious code into the text files that facilitate the onscreen translations of your favorite foreign film.
And through the crafty malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io.
Check Point, however stated that no known exploitation of the flaws has been detected in the wild; but had actually pulled off the hack as a proof of concept. Albeit, they’ve posted links and instructions to help developers to resolve the flaws in their apps.