Cyber Attack Allows Hackers to Take Control of Media Devices Through Subtitles

Media Division | May 24, 2017

Cyber attackers have become increasingly clever in the methods they use to breach systems and networks. As we continue to fortify against their techniques, they adapt and find new ways to bypass security measures. Some methods of attack have been around for quite some time because they continue to be successful, but others are more recently developed and target areas that lack proper protection. In a newly discovered type of attack, it was found that hackers are able to compromise media devices through maliciously crafted subtitle files.

How Subtitles Work

To understand how this method works, it is necessary to understand the basic operation of subtitles. Put simply, subtitles go from writers to repositories, and from there they are sent to various media sources. These subtitle files are generally trusted by anti-virus software and devices, which means that media players download them without really vetting them. They are treated as harmless text files, and their actual contents are not inspected.
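As an added illustration (not code from the original article or from any of the media players it names), this is what vetting a subtitle file as untrusted input could look like before a player parses it. It assumes the SubRip (.srt) format; the function name `vet_srt`, the size limits and the narrow tag allow-list are hypothetical choices, and the sample inputs are constructed.

```python
import re

# All limits and the tag allow-list below are illustrative assumptions.
MAX_BYTES = 1_000_000
MAX_LINE_CHARS = 500
TIMING = re.compile(
    r"(\d{2}):([0-5]\d):([0-5]\d),(\d{3}) --> (\d{2}):([0-5]\d):([0-5]\d),(\d{3})",
    re.ASCII)
ALLOWED_TAGS = re.compile(r"</?[ibu]>")  # plain italic/bold/underline only

def _ms(h, m, s, ms):
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)

def vet_srt(data: bytes) -> list:
    """Return reasons to reject the file; an empty list means it passed."""
    if len(data) > MAX_BYTES:
        return ["file larger than size cap"]
    try:
        text = data.decode("utf-8-sig")  # tolerate a UTF-8 BOM, nothing else
    except UnicodeDecodeError:
        return ["not valid UTF-8"]
    problems = []
    if any(ord(c) < 32 and c not in "\r\n\t" for c in text):
        problems.append("control characters present")
    text = text.replace("\r\n", "\n").strip()
    blocks = [b for b in re.split(r"\n[ \t]*\n", text) if b.strip()]
    if not blocks:
        problems.append("no cues found")
    for n, block in enumerate(blocks, 1):
        lines = block.strip("\n").split("\n")
        if len(lines) < 3 or not re.fullmatch(r"[0-9]+", lines[0].strip()):
            problems.append(f"cue {n}: malformed header")
            continue
        m = TIMING.fullmatch(lines[1].strip())
        if not m or _ms(*m.groups()[:4]) >= _ms(*m.groups()[4:]):
            problems.append(f"cue {n}: bad timing line")
        for line in lines[2:]:
            if len(line) > MAX_LINE_CHARS:
                problems.append(f"cue {n}: text line too long")
            if "<" in ALLOWED_TAGS.sub("", line):
                problems.append(f"cue {n}: unexpected markup")
    return problems

# Constructed sample inputs (not taken from any real subtitle file).
GOOD = b"1\r\n00:00:01,000 --> 00:00:03,500\r\n<i>Hello</i> there\r\n\r\n2\r\n00:00:04,000 --> 00:00:05,000\r\nBye\r\n"
BAD = b"1\n00:00:05,000 --> 00:00:02,000\n<font face=\"x\">hi</font>\n"

if __name__ == "__main__":
    print(vet_srt(GOOD))
    print(vet_srt(BAD))
```

Structural checks like these narrow what reaches a player's subtitle parser; they do not replace installing the player's own fix.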

Exploitation of Trusted Files

This uniform trust allows a hacker to exploit the system by uploading their own malicious files to these repositories, which are then downloaded by media services. The attacker can then gain control over a variety of different devices and use them for any number of malicious purposes, such as DDoS attacks, ransomware infections, or purloining sensitive or personal information. The devices that this could affect include smartphones, computers, TVs, and potentially several more. This vulnerability is found in several popular media services, such as Kodi (formerly XBMC), Popcorn Time, VLC, and Stremio. Check Point researchers initially discovered this exploitation yesterday. In a blog post, they estimated that around 200 million media players and streamers run this vulnerable software, making it an extremely widespread vulnerability.

TorrentFreak said that the head of the Kodi software team, Martijn Kaijser, was aware of these attacks. Kodi has created a fix, but it is unfortunately only a source code release currently. There has been no information as to when this will become a downloadable release on the official site. Hopefully, this version becomes available quickly, and other media companies follow suit. Otherwise, an extremely large number of people will continue to be left vulnerable for an extended period of time.

Covering All Attack Vectors to Prevent Cyber Attacks

Because criminals continue to discover new attack vectors, organizations need to cover their systems and networks much more thoroughly. Far too many organizations are lackadaisical about their security and leave many paths open for attackers. This is why so many breaches continue to occur as a result of unsecured databases, minor security holes, etc. An organization must meticulously comb its systems and networks for any potential vulnerabilities, or hire help that can do so. Negligence has no place in cyber security, as it simply leads to massive data breaches, cyber attacks, and failing organizations. We now store massive amounts of sensitive data and assets in the digital world, and lacking cyber security has essentially become equivalent to a business leaving its doors unlocked in a bad neighborhood. Some may dispute this analogy, but it is realistic, as there are many attackers out there constantly and carefully searching for any hole in security. Massive Alliance offers a number of services that can help an organization prevent cyber attacks from compromising its systems and networks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.