Hackers use subtitles as backdoor to many devices
26 May 2017 - 10:13 by Graham Miller
A new vulnerability in online streaming and media player software could be used to carry out cyber attacks, according to security experts at Check Point.
The Telegraph reports that subtitle files are being exploited to smuggle malicious code onto PCs, smart TVs and mobile devices, circumventing the usual checks which are carried out by antivirus suites.
Specialists claim that illegally downloaded movies are especially likely to be used in this type of attack, giving hackers the opportunity to entirely hijack devices and subsequently steal information from them, or encrypt the data and demand a ransom, as in the recent NHS attack.
Many of the security risks facing consumers at the moment are related to phishing scams which attempt to emulate legitimate email messages that would be sent by firms that genuinely offer safe shopping online. But the more direct, aggressive and difficult to deflect approach uncovered here could be far more effective and potentially catastrophic.
The good news is that the flaw was uncovered by Check Point and has thus been publically acknowledged and passed on to many of the companies which are responsible for developing media player software.
It has also been pointed out that although those carrying out illegal streaming and downloading are most likely to be vulnerable to a subtitle-based attack, it is also possible for legitimate media content to contain viruses as a result of this method.
Consumers are urged to remain vigilant and ensure that they stick only to reputable websites, whether they are looking to watch media content or carry out safe shopping online.
Security researchers work tirelessly to unpick popular software and find the flaws before they are leveraged by malicious third parties. It is now up to the developers to roll out patches and prevent damage being done.