Beware! VLC Video Player Can Hack You Through Subtitles While You Are Watching Movies


Just last night, I wanted to watch a French film, so I looked for English subtitles and downloaded them to my PC.

Even though that movie was great, this morning new research from Check Point scared me.

I was unaware that a little subtitle file could hand over complete control of my PC to hackers while I was enjoying the film.

Yes, you heard that right: VLC Video Player can hack you.

A team of researchers at Check Point has found vulnerabilities in 4 of the most popular media player applications, which can be exploited by hackers to hijack “any type of device via vulnerabilities; whether it is a laptop, a smart TV, or a mobile device” with malicious code inserted into the subtitle files.
“We have now discovered malicious subtitles could be created and delivered to tens of millions of devices automatically, bypassing security software and giving the attacker full control of the infected device and the data it holds,” the team added.
These four vulnerable media players (listed below) have been downloaded more than 220 million times:

  • VLC Video Player — popular VideoLAN media player
  • Kodi (XBMC) — open-source media software
  • Popcorn Time — software to watch movies and TV shows instantly
  • Stremio — video streaming app for videos, movies, TV series and TV channels

The vulnerabilities reside in the way various media players process subtitle files and, if exploited successfully, could put hundreds of millions of users at risk of getting hacked.


As soon as the media player parses those malicious subtitle files, before displaying the actual subtitles on your screen, the hackers are granted full control of the PC or smart TV on which you ran those files.
In the above video, the researchers demonstrated how a maliciously crafted subtitle file for a movie added to the Popcorn Time media player can hijack a Windows laptop. On the right-hand side of the screen, an attacker, running Kali Linux, gained remote access to the system as soon as the victim added the subtitle file.
Since text-based subtitles for movies and TV shows are created by writers and then uploaded to online stores, like OpenSubtitles and SubDB, hackers can also craft malicious text files for the same TV shows and movies.
“Our researchers were also able to show that by manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a man-in-the-middle attack or requiring user interaction,” Check Point researchers said.

The researchers believe that similar security vulnerabilities also exist in other streaming media players.

How to Protect Your Computer from Hackers?

Check Point has already informed the developers of the VLC video player, Kodi, Popcorn Time and Stremio applications about the recently discovered vulnerabilities.
“To allow the developers more time to address the vulnerabilities, we’ve decided not to publish any further technical details at this point,” the researchers said.
They all have patched the flaws, with Stremio and VLC video player releasing the patched versions of their software: Stremio 4.0 and VLC 2.2.5, which has been out for two weeks.
However, Kodi developer Martijn Kaijser said the official version 17.2 release would arrive later this week, while users could get a fixed version online. A patch for Popcorn Time is also available online.
So, users are advised to update their media player as soon as possible.
