Skip to main content
  1. Home
  2. Computing
  3. News

Subtitles hack can control your system through media player vulnerabilities

By

Researchers at Check Point Security Labs have uncovered a nasty new hacking technique that takes advantage security deficiencies in several popular media players. The exploit uses phony subtitle files to breach a user’s defenses, at which point it’s possible to gain complete control over the system.

Hackers can apparently create malicious subtitle files that run code when they’re loaded into a media player, according to the report published by Check Point. The company estimates that hundreds of millions of users running software like VLC, Kodi, Popcorn Time, and Stremio could be at risk.

Recommended Videos

Subtitle files are generally perceived as being harmless, and as such they’re rarely vetted too stringently by media players or antivirus software. The situation is made worse by the fact that there’s little standardization, with over 25 different formats with different features and capabilities currently in use.

Check Point has also determined that subtitle repositories are being manipulated to help distribute the malicious files to users. Subtitles submitted by attackers are having are being boosted in the rankings, making it more likely that they’ll be downloaded by users, and selected by media players that can download such files automatically.

Having discovered these vulnerabilities, Check Point disclosed the problem to the developers responsible for the media players that were tested. Some had already taken steps to address the issues, while others are still looking into the situation. As of the time of writing, VLC and Stremio have been officially updated with a fix, while a fixed version of Popcorn Time is available here, and a fixed source code release of Kodi is available here. There are still concerns that other media players might also be affected.

The key here is that subtitle files are being exploited because they’re widely considered to be innocuous. As soon as users and developers drop their guard, malicious hackers see their window of opportunity — and that’s why the work done by organizations like Check Point is so important.

Brad Jones
Brad Jones
Former Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Topics
It just got a lot easier to control a Windows 11 PC with your Android phone
Android smartphones now act as a multipurpose remote control for Windows 11 devices, offering instant locking, seamless file transfers, shared clipboard access, and easy screen mirroring.
microsoft-Phone-Link-app-windows-11

Microsoft has rolled out a significant upgrade to its Phone Link system and the "Link To Windows" app for Android, improving cross-platform connectivity with Windows 11. First and foremost, there's a new "Lock PC" toggle that lets you lock your Windows device remotely from your smartphone (provided the devices are connected).

According to a new report by Windows Latest, locking a Windows 11 PC from an Android phone takes a couple of seconds. Once unlocked, the PC reconnects to your phone. Besides that, the app also gets a "Recent Activity" feed that shows file transfers and clipboard history shared between the devices. There's a dashboard of the recent cross-device transactions.

Read more
AI chatbots like ChatGPT can copy human traits and experts say it’s a huge risk
AI that sounds human can manipulate users
phone-showing-ai-chatbots

AI agents are getting better at sounding human, but new research suggests they are doing more than just copying our words. According to a recent study, popular AI models like ChatGPT can consistently mimic human personality traits. Researchers say this ability comes with serious risks, especially as questions around AI reliability and accuracy grow.

Researchers from the University of Cambridge and Google DeepMind have developed what they call the first scientifically validated personality test framework for AI chatbots, using the same psychological tools designed to measure human personality (via TechXplore).

Read more
This advanced modular robot is ideal for Mars missions, its maker says
Swap out the parts to make different kinds of robots.
The Tron 2 robot.

LimX Dynamics is doing some fascinating work in the robotics arena. Four months after impressing us with its talented Oli humanoid robot, the three-year-old tech startup has just unveiled Tron 2, which, as its name cleverly suggests, is the follow-up to Tron 1.

Going by the video (top) released by LimX on Thursday, Tron 2 is an advanced, AI-powered modular humanoid robot featuring remarkable strength and movement.

Read more