Video Subtitle Hack Exploiting VLC, Popcorn Time And Kodi Could Enslave Millions Of Devices, Update Now

If you’re a regular user of media player apps like VLC, Kodi and Popcorn Time, now is the time to grab the latest update from your software’s developer. Researchers at Check Point have uncovered a new exploit that allows hackers to use subtitles as a sneaky way to take over your device.

How is it even possible for a hacker to use malicious subtitles to gain access to your PC or tablet? According to Check Point, media player developers haven’t really devoted a lot of time to ensuring the safety of subtitles, and subtitles in general are available in a wide number of formats, which can make handling them very tricky.


In the case of this new attack vector, media players can become compromised when they attempt to load a subtitle file. Malicious subtitles could include code giving complete control of your device — that includes PCs, smart TVs and even your mobile devices. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more,” writes Check Point.

And given that subtitles are considered by leading antivirus software to be simple text files, they are easily overlooked during real-time scans.

“These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user,” Check Point adds.

In the video below, you can see how the attack is perpetrated on a Windows 10 system:

There are over 200 million users who are susceptible to such attacks, with 170 million users on VLC alone. Another 40 million users consume their video content with Kodi.

Fortunately, after being alerted to the subtitles exploit, the developers of Popcorn Time, Kodi, VLC and Stremio have all released updates to close the exploit. If you haven’t already updated your software, now is the time to do so.

Brandon Hill


Opinions and content posted by HotHardware contributors are their own.