Apologies, this is actually an ad for CUJO, but a good article, nonetheless. I’ve removed the advertisement part of this article.
What’s happening to video streaming sites?
If you use media players like Kodi or VLC you should know about some pretty serious security vulnerabilities that have been exposed lately. Dubbed by Checkpoint as a “completely overlooked technique”, hackers have been reportedly hiding malware in the subtitles of popular streaming sites. Using this new attack vector, hackers can get complete control of your computer, smartphone, smart TV, or whatever else you are using to stream TV and movies.
This is a completely unique bout of malware attacks. Hackers create malicious subtitle files that contain malware and then upload them to online repositories. Hackers then manipulate the ranking algorithms that media players use for these online subtitle repositories.
This guarantees that the streaming services automatically select these malicious files for you to use. Your computer becomes infected when you select your preferred language for subtitles.
The worst part of this is that it can happen without you even knowing it. The subtitles are generally treated as trustworthy by the media player as well as the user. At the time you start watching the movie and select your chosen subtitle language, the malware infects your machine.
Who is the target of these attacks?
Checkpoint estimates that 200 million users have been affected. As far as we know, VLC, Stremio, and Kodi have been affected, but there could be other sites as well. The popular illegal streaming site called Popcorn Time has also been targeted.
These sites have millions of users each, which means a huge number of users for hackers to target. This is why this attack has been able to spread, especially due to the new nature of this method. Nobody has been expecting an attack like this, so there were not many defensive measures in place. Video players and users trust the subtitle files. People are learning to be suspicious of phishing emails and other web threats, which is why hackers are constantly looking for new lucrative methods of attack.
Most people stream movies and TV on a regular basis without giving it a second thought. These hackers target indiscriminately; they look for anyone who is vulnerable. Make sure you are keeping your software updated, and you are staying away from pirate sites, as they may also be more vulnerable to attacks.
How does it work?
There are serious security problems with these streaming sites. The subtitle repositories are treated as a trusted source, due to the ranking system. However, they have not taken into account the fact that hackers can manipulate these rankings. This ensures that the hacker’s malicious subtitle files will be selected automatically by the media player, allowing the hackers to access millions of machines.
The malware allows the attacker to take control of the device, may it be your iPhone, laptop, or smart TV. This gives hackers full control of the machine. At this point, they can do anything they want with it. This could range from stealing sensitive information to installing ransomware and demanding money. They could use the machines used in a DDoS attack.
This video by Checkpoint does a good job of explaining what’s been happening:
Since the new attack vector was discovered, Kodi, Stremio, and VLC have offered new versions that fix the vulnerabilities. Popcorn Time has yet to make a fixed version available to users. You should not use downloaded subtitles on these sites until you have updated your software.
It is worth noting that other sites may be affected as well, so you should be cautious of this problem, in general.
What You Can Do
- Update your software! This is another one of those security problems that is minimized if everyone updates their software on a consistent basis. Patches are constantly created that could save you from the existing vulnerabilities of your device.
- Be wary/ avoid any kind of movie pirating sites
- Make sure you put your own security measures into place in your home.