Subtitles hack can control your system through media player vulnerabilities

Researchers at Check Point Security Labs have uncovered a nasty new hacking technique that takes advantage of security deficiencies in several popular media players. The exploit uses phony subtitle files to breach a user’s defenses, at which point it’s possible to gain complete control over the system.

Hackers can apparently create malicious subtitle files that run code when they’re loaded into a media player, according to the report published by Check Point. The company estimates that hundreds of millions of users running software like VLC, Kodi, Popcorn Time, and Stremio could be at risk.

Subtitle files are generally perceived as being harmless, and as such they’re rarely vetted too stringently by media players or antivirus software. The situation is made worse by the fact that there’s little standardization: over 25 different formats are currently in use, each with different features and capabilities.

Check Point has also determined that subtitle repositories are being manipulated to help distribute the malicious files to users. Subtitles submitted by attackers are being boosted in the rankings, making it more likely that they’ll be downloaded by users, and selected by media players that can download such files automatically.

Having discovered these vulnerabilities, Check Point disclosed the problem to the developers responsible for the media players that were tested. Some had already taken steps to address the issues, while others are still looking into the situation. As of the time of writing, VLC and Stremio have been officially updated with a fix, while a fixed version of Popcorn Time is available here, and a fixed source code release of Kodi is available here. There are still concerns that other media players might also be affected.

The key here is that subtitle files are being exploited because they’re widely considered to be innocuous. As soon as users and developers drop their guard, malicious hackers see their window of opportunity — and that’s why the work done by organizations like Check Point is so important.

Brad Jones
Former Digital Trends Contributor