Video Subtitle Hack Exploiting VLC, Popcorn Time And Kodi Could Enslave Millions Of Devices, Update Now

If you’re a regular user of media player apps like VLC, Kodi and Popcorn Time, now is the time to grab the latest update from your software’s developer. Researchers for Check Point has uncovered a new exploit that allows hackers to use subtitles as a sneaky way to take over your device.

How is it even possible for hacker to use malicious subtitles to gain access to your PC or tablet? According to Check Point, media player developers haven’t really devoted a lot of time to ensuring the safety of subtitles, and subtitles in general are available in a wide number of formats, which can make handling them very tricky.


In the case of this new attack vector, media players can become compromised when they attempt to load a subtitle file. Malicious subtitles could include code giving complete control of your device — that includes PCs, smart TVs and even your mobile devices. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more,” writes Check Point.

And given that subtitles are considering by leading antivirus software to be simple text files, they are easily overlooked during real-time scans.

“These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user,” Check Point adds.

In the video below, you can see how the attack is perpetrated on a Windows 10 system:

There are over 200 million users that are susceptible to such attacks, with 170 million users on VLC alone. Another 40 million users consume their video content with Kodi.

Fortunately, after being alerted to the subtitles exploit, the developers of Popcorn Time, Kodi, VLC and Stremio have all released updates to close the exploit. If you haven’t already updated your software, now is the time to do so.