Skip to main content
  1. Home
  2. Computing
  3. News

Subtitles hack can control your system through media player vulnerabilities

By

Researchers at Check Point Security Labs have uncovered a nasty new hacking technique that takes advantage security deficiencies in several popular media players. The exploit uses phony subtitle files to breach a user’s defenses, at which point it’s possible to gain complete control over the system.

Hackers can apparently create malicious subtitle files that run code when they’re loaded into a media player, according to the report published by Check Point. The company estimates that hundreds of millions of users running software like VLC, Kodi, Popcorn Time, and Stremio could be at risk.

Recommended Videos

Subtitle files are generally perceived as being harmless, and as such they’re rarely vetted too stringently by media players or antivirus software. The situation is made worse by the fact that there’s little standardization, with over 25 different formats with different features and capabilities currently in use.

Check Point has also determined that subtitle repositories are being manipulated to help distribute the malicious files to users. Subtitles submitted by attackers are having are being boosted in the rankings, making it more likely that they’ll be downloaded by users, and selected by media players that can download such files automatically.

Having discovered these vulnerabilities, Check Point disclosed the problem to the developers responsible for the media players that were tested. Some had already taken steps to address the issues, while others are still looking into the situation. As of the time of writing, VLC and Stremio have been officially updated with a fix, while a fixed version of Popcorn Time is available here, and a fixed source code release of Kodi is available here. There are still concerns that other media players might also be affected.

The key here is that subtitle files are being exploited because they’re widely considered to be innocuous. As soon as users and developers drop their guard, malicious hackers see their window of opportunity — and that’s why the work done by organizations like Check Point is so important.

Topics
Brad Jones
Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
SanDisk’s latest drive sets new benchmark for consumer NVMe SSDs
The SanDisk WD Black SN8100 PCIe Gen 5 SSD with and without heatsink variants

SanDisk has officially introduced the WD Black SN8100, its latest high-end PCIe Gen 5 NVMe SSD targeting PC enthusiasts, gamers, and professional users. With sequential read speeds of up to 14,900 MB/s and write speeds of 14,000 MB/s, the drive sets a new bar for consumer SSD performance, surpassing some of the best NVMe SSDs currently on the market, including the Crucial T705. 

The SN8100 uses a standard M.2 2280 form factor and is available in capacities of 1TB, 2TB, 4TB, and 8TB. It’s worth noting that the 1TB model offers lower write speeds, up to 11,000 MB/s, compared to the higher-capacity versions, which reach up to 14,000 MB/s. 

Read more
Pairing the RTX 5090 with a CPU from 2006? Nvidia said ‘hold my beer’
RTX 5090.

Nvidia's best graphics cards are often paired with expensive CPUs, but what if you want to try a completely mismatched, retro configuration? Well, that used to be impossible due to driver issues. But, for whatever reason, Nvidia has just removed the instruction that prevented you from doing so, opening the door to some fun, albeit nonsensical, CPU and GPU combinations.

The instruction in question is called POPCNT (Population Count), and this is a CPU instruction that also prevents Windows 11 from being installed on older hardware. Its job is counting how many bits are present in a binary number. However, as spotted by TheBobPony on X (Twitter), POPCNT will not be a problem for Nvidia's latest graphics cards anymore.

Read more
AMD’s upcoming CPU could offer bonkers gaming performance
A fake and real AMD Ryzen 7 9800X3D side by side.

AMD's Zen 5 architecture has been a popular choice for gamers due to its outstanding performance and 3D V-Cache capacity, and now a leak suggests Zen 7 could double down on that through a new "3D Core." According to YouTuber Moore's Law is Dead, "[AMD] is moving toward a lot of official variants."

AMD reportedly plans to launch a single overall architecture, divided into different product categories, including the expected lineup: Classic Cores, Dense Cores, Efficiency Cores, and Low-Power Cores. The 3D Core is the latest addition, and it is said to "require full cache chiplets" that "seem to be leading to profound performance increases."

Read more