New kind of threat have been found by Check Point researchers. Media players (standalone and on computers), including popular ones like VLC, KODI and smart TVs, can be hacked by malicious subtitles.
Developers are already updating their applications with patches, but to update smart devices and media boxes will take some time, if ever.
Read more on blog.checkpoint.com | hacked-in-translation or your favorite news page.
just use a sandbox soft to isolate your medias/internet-facing apps and you wont have to worry about those attacks.
Thanks for this warning Andre. I understand KODI have released an update to take care of this. Now to find the list of all the Fire devices that need updating......
I think that danger to English speaking population is far less serious than others. Key to prevent possible attack is not to have automatic subtitles loading enabled.
Beside non-major language users, like me in Slovenia, who are using subtitles on daily basis, there are also users with hearing problems, which are using auto-loading subtitles for all the visual material. This population should be careful, till developers update applications.
Hi there
a lot of this is rather "academic" -- especially if you run things like KODI on a firetv / firestick - there's nothing to hack on to that type of box way - although it's got an OS it's a passive type device with no meaningful data that is of any use to a hacker in any case.
Kodi and VLC regularly update their software and fixes already in the system.
For downloading subtitles - just ensure you only use recognized sites for subtitles - and ideally if they are of type .SRT they are readable text so should be OK. Go for .SRT type subtitles rather than the other sorts which could possibly contain executables.
I always use a fire stick / firetv box for watching multi-media but if you do use a phone / computer then your A/V system should protect you against this type of problem. ALWAYS though install the security updates when VLC / KODI issue new releases.
Tip for non English speaking users or users who want other languages.
Download the English subtitle (the .SRT file) as there's usually an English version available even when no other languages are.
Now simply use any of the online translation services (FREE) and you've got the subtitle in your own language. Fix / modify as required.
Note both KODI and VLC have "offset adjustments" to get subtitle in sync with the lips - kodi is easy as you can do it in real time while watching the movie.
Usually subtitles from opensubtitles.org or subscene.com are fine - use the appropriate frame rate and those with the 5 ***** rating usually work. AVOID THOUGH ANY RE-DIRECTS or other download buttons --ensure you actually download the subtitle and not something like driver manager etc etc.
Cheers
jimbo
Quote
And they are in home networks, and ideal entry to hack other computers...
