GETTY • VLC
VLC Player users have been warned about a terrifying new cyberattack that leverage subtitles
Hackers can take control of your computer, smartphone, tablet or smart TV by manipulating subtitle text files, security company Check Point has claimed.
The subtitle files can be manipulated to take control of a wide-range of devices running the hugely-popular VLC media player.
Media players Kodi, Popcorn Time and Stremio are also vulnerable to the hackers, Check Point confirmed.
These media players have a combined userbase that runs into the hundreds of millions.
Subtitle files for movies and televisions can be created by a range of writers and uploaded to online repositories, such as OpenSubtitles.org.
Hackers can leverage free-to-download subtitles to takeover a computer, smartphone, tablet or TV
These files will typically contain some HTML or Java code – so the subtitle texts are displayed on-screen in certain ways.
However, this code code can be used to conceal malicious commands that allows hackers to takeover complete control of the device running the media player.
Check Point Vulnerability Research Team Leader, Omri Herscovici told Express.co.uk "The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities.
"This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers.
"We have now discovered malicious subtitles could be created and delivered to millions of devices automatically, bypassing security software and giving the attacker full control of the infected device and the data it holds.
The simple steps YOU need to take to avoid being hacked in an online scam Mon, April 10, 2017
Get Quotes on Home Insurance
MAKE sure you are protected against the latest online attacks by following these simple steps.
EXPRESS NEWSPAPERS • GETTY 1 of 13
Ensure you're protected against online attacks by following these steps
Check Point’s research team tested and found vulnerabilities in four of the most popular media players – VLC, Kodi, Popcorn Time and Stremio.
By exploiting vulnerabilities in these platforms, hackers were able to use the malicious files to take over the devices playing the media.
Check Point followed responsible disclosure guidelines to report the vulnerabilities to the media player creators.
Since the vulnerabilities were disclosed, all four companies have fixed the reported issues.
Stremio and VLC have also released new software versions incorporating this fix.
“To protect themselves and minimise the risk of possible attacks, users should ensure they update their streaming players to the latest versions,” concluded Check Point's Herscovici.
VLC has over 170 million downloads of its latest version, released June 5, 2016.
REVEALED: Most torrented shows on Pirate bay and Kickass Torrents Thu, January 19, 2017
THESE are the top 10 shows that have been illegally downloaded the most on torrent site such as the Pirate Bay and Kickass Torrents
PH 1 of 10
NUMBER 10: The Grand Tour is number 10 in the most downloaded shows
Meanwhile, Kodi has reached more than 10 million unique users each day, and nearly 40 million unique users per month.
No current estimates exist for Popcorn Time usage, but it is estimated to be tens of millions.
Check Point has reason to believe similar vulnerabilities exist in other streaming media players.