Q
Problem solve Get help with specific problems with your technologies, process and projects.

How can hackers use subtitle files to control endpoint devices?

New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens.

Vulnerabilities in various media players enable hackers to use subtitle files to control devices. How is this possible,...

and have the media player vulnerabilities been patched?

In order to control a device via subtitle files, an attacker crafts a malicious subtitle file that opens the door to remote control of a victim's PC, smart TV or mobile device.

With a couple of clicks, an attacker can upload the malicious file in any subtitle file format to an online repository. The ranking algorithm is then manipulated to ensure that the malicious files get higher ratings than the legitimate files, which are then downloaded to a media player.

As soon as the media player opens, the victim unknowingly loads subtitle files from a repository that is treated as a trusted source. Before displaying the subtitles on the screen, the media player parses the infected files. While this is common, the method of downloading subtitle files varies from one media player to another.

For example, Popcorn Time lets a victim choose a movie over the internet and, while playing the movie, the victim unknowingly loads malicious subtitles. The attacker then remotely opens the command prompt screen and waits for the connection to occur. Upon a successful connection, the attacker gains full control of the victim's endpoint device.

Another approach is exhibited through Kodi, as it lets the user select a movie from a given library. If the library is maliciously or legitimately empty, the victim is asked to populate it with personal media. After playing the media, the player then asks the victim to choose and download subtitles from OpenSubtitles.org. After waiting a certain amount of time, the attacker takes over the victim's device.

In addition to running on popular platforms, Kodi can be installed on a Raspberry Pi or Amazon Fire TV Stick. Likewise, VLC can capture DirectShow body-worn camera videos, and Stremio can run YouTube and Twitch.TV media.

While the newer software versions for these four players have fixed the known vulnerabilities, the risk with lesser known media players in unknown, and users should check to see if similar security holes exist.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Next Steps

Learn how to protect sensitive data with mobile encryption

Discover what encryption tools can secure data for internet of things devices

Read more about securing your connected devices

This was last published in October 2017

Dig Deeper on Web server threats and application attacks

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How does your company monitor for media player vulnerabilities?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close