VLC users beware! Hackers have found a way to gain control of your device

Published : May 25, 2017, 02:19 AM ISTUpdated : Mar 31, 2018, 07:01 PM IST
VLC users beware! Hackers have found a way to gain control of your device

Synopsis

There are over 25 subtitle formats in use, each with unique features and capabilities. Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience. The fragmented software can lead to numerous distinct vulnerabilities.

According to a report by Check Point, hackers can use malicious subtitles to gain access of your PC. Subtitles are available in a wide number of formats. The new vulnerability shows that hackers can gain access of your PC as soon as you load these subtitles, be it PC, Smart TV or a mobile device. Check Point explains that the attack vector relies on the poor state of security in the way media players process subtitle files and the large number of subtitle formats.

"To begin with, there are over 25 subtitle formats in use, each with unique features and capabilities. Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method. Like other, similar situations which involve fragmented software, these results in numerous distinct vulnerabilities," it writes in a blogpost.

It has also posted a proof-of-concept video demonstrating how an attacker can use malicious subtitles to take over your machine:

Media players such as VLC, Popcorn Time, Kodi and Stremio have been listed. In India, VLC is among the popular media players and this could be a cause of worry. "There are a number of shared online repositories, such as OpenSubtitles.org, that index and rank movie subtitles. Some media players download subtitles automatically; these repositories hold extensive potential for attackers," the blogpost further explains.

Video credit: Check Point

PREV

Recommended Stories

Feature-Rich iQOO Z10R Now on Sale in India with Rs 2,000 Launch Discount
Feature-Rich iQOO Z10R Now on Sale in India with Rs 2,000 Launch Discount
Vivo V60 to Google Pixel 10 series: Top Smartphones Launching in August 2025