Subtitling systems contain ‘widespread’ security threat

Film fans could be vulnerable to attack by hackers who hide malicious code inside files that provide subtitles, a security firm has warned.

Checkpoint Software found loopholes in the way four popular media players handle subtitles.

Poor checking of subtitle files, the different formats they use and problems with the websites that store the files all introduced weaknesses, it said.

Checkpoint said it had reported the bugs it found to media player makers.

‘Zero resistance’

The researchers found the bugs by analysing how the VLC, Kodi, Popcorn Time and media players handle subtitle files. All four programs have been downloaded hundreds of millions of times, suggesting a large number of people are vulnerable, they said.

Continue reading…