Hackers Are Hiding Computer Viruses in Film Subtitles to Take Control of Devices

Hackers subtitles cyberseurity checkpoint virus
Subtitles appear over a confrontation scene between a South Korean (L) and North Korean soldier from a movie titled "Joint Security Area" at a theatre in Seoul August 22, 2000. LJW/CC

Millions of people may be at risk from a new method of hacking that infects devices with hidden computer viruses in the subtitles of online videos, according to security researchers.

Cybersecurity firm Check Point found that subtitle files for films and TV shows could be manipulated to allow hackers to take complete control over any type of device via vulnerabilities found in popular streaming platforms, including VLC, Popcorn-Time and Kodi.

"The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities," says Omri Herscovici, vulnerability research team leader at Check Point, in an email to Newsweek .

"This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers."

Herscovici says Check Point discovered malicious subtitles that could be delivered to millions of devices automatically, bypassing security software and giving the attacker full access to the data it holds.

The security firm estimates there are approximately 200 million video players and streamers that currently run the vulnerable software. A blog post describing the issue describes it as "one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years."

hack subtitles check point
An infographic explains how hackers are able to take control of a victim's device though malicious subtitles. Check Point

The cyberattack is delivered when media players load the subtitles, which are hidden in online subtitle repositories by the hackers. The media players, which draw from multiple subtitle formats to ensure a better user experience, perceive the subtitles as nothing more than benign text files.

"This means users, anti-virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to risk," the blogpost states.

"The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more."

Check Point disclosed the vulnerabilities to the media player companies, who released new software versions that incorporate a fix for the issue. "To protect themselves and minimize the risk of possible attacks, users should ensure they update their streaming players to the latest versions," Herscovici added.