People who actually use VLC media player can be at a risk from the cybercriminals. Many thanks to the new malware attack which enables the hackers to get access to the devices and personal data. It is revealed by the report from the security firm Check Point. The security company Check Point has also claimed that the hackers might take control of a tablet, personal computer, smart TV, or mobile phone by the manipulation of the subtitle text files.
The files having subtitles might be manipulated easily to take the control of various devices running the VLC media player. The Check Point has confirmed that the Media players Kodi, Stremio, and Popcorn Time are unsafe to hackers. There is a combined userbase in these media players that actually run into many.
The files having a subtitle for the movies as well as televisions might be created by the writers and is uploaded to the online repositories that include OpenSubtitles.org. These subtitle files would typically have the Java code or HTML– so that these subtitle texts are shown on-screen in the certain ways. Though, the code might be used in order to hide the evil commands which allow the hackers to take the full control of a device that is running media player.
Omri Herscovici is the research team leader at The Check Point Vulnerability told Express.co.uk. He told that “Supply chain for the subtitles is quite complex, over twenty-five different subtitle formats, all with the different capabilities and features. “The fragmented ecosystem, with the limited security, means that there’re different vulnerabilities that might be exploited that will make it a very attractive target for the hackers.
“We’ve discovered the malicious subtitles might be designed and delivered to the millions of the devices automatically with the help of the security software that gives the hacker complete control of an infected device and its data that it holds.
The research team of the Check Point has tested and revealed that there are vulnerabilities in 4 most famous media players that are VLC, Stremio, Kodi, and Popcorn Time. The Check Point has followed the responsible disclosure guidelines in order to report vulnerabilities to creators of the media player.
As vulnerabilities were revealed, all of the 4 companies have now fixed reported problems. VLC and Stremio have released some new software versions to incorporate this fix.