{"id":322908,"date":"2017-05-27T06:27:10","date_gmt":"2017-05-27T06:27:10","guid":{"rendered":"http:\/\/citifmonline.com\/?p=322908"},"modified":"2017-05-27T06:27:10","modified_gmt":"2017-05-27T06:27:10","slug":"subtitling-systems-contain-widespread-security-threat","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/2017\/05\/subtitling-systems-contain-widespread-security-threat\/","title":{"rendered":"Subtitling systems contain ‘widespread’ security threat"},"content":{"rendered":"
Film fans could be vulnerable to attack by hackers who hide malicious code inside files that provide subtitles, a security firm has warned.<\/p>\n
Checkpoint Software found loopholes in the way four popular media players handle subtitles.<\/p>\n
Poor checking of subtitle files, the different formats they use and problems with the websites that store the files all introduced weaknesses, it said.<\/p>\n
Checkpoint said it had reported the bugs it found to media player makers.<\/p>\n
‘Zero resistance’<\/strong><\/p>\n The researchers found the bugs by analysing how the VLC, Kodi, Popcorn Time and Strem.io media players handle subtitle files. All four programs have been downloaded hundreds of millions of times, suggesting a large number of people are vulnerable, they said.<\/p>\n Attackers who exploited the vulnerabilities found in the subtitling ecosystem would more than likely be able to completely take over a PC, tablet or smart TV, said Checkpoint. Attackers could steal information, carry out denial of service attacks or install ransomware.<\/p>\n In a blog detailing the findings, the security firm said it was one of the “most widespread, easily accessed and zero-resistance vulnerability [sic] reported in recent years”.<\/p>\n Typically, media players are programmed to automatically look online for files that can provide subtitles.<\/p>\n