May 25, 2017 By Shane Schick 2 min read

“Attack Of The Subtitles” may sound like the name of a particularly geeky horror film, but researchers say it’s an actual threat whereby cybercriminals could perform remote code execution and take over entire systems.

Two Thumbs Down

Check Point Security disclosed the vulnerability, which may be running in more than 200 million streaming platforms and video players. The researchers said all it takes is downloading a malicious subtitle text file for cybercriminals to perform remote code execution. They can then launch distributed denial-of-service (DDoS) attacks, steal information or install ransomware, among other things.

The subtitle files in question are usually contained in repositories such as OpenSubtitles.org, where users specifically select them. That means potential victims have essentially opted in to download the malware, Threatpost explained.

Unfortunately, the lack of standardization in the way subtitle files are parsed means remote code execution flaws are incredibly common. Malicious actors could manipulate the ranking algorithm in the repositories to make sure the malicious subtitle files were seen as the most popular choice.

A New Avenue for Remote Code Execution

Forbes pointed out that while the use of subtitles may be somewhat novel, media players make sense as a possible attack vector given how prevalent they are. Smart TVs in particular may become targets for cybercriminals, offering an easy way to spy or collect information while users are innocently enjoying their favorite movies or television shows.

For the moment, there is no evidence that the remote code execution flaws via subtitles are being exploited in the wild. TechCrunch reported that most of the players at risk — including VLC, Popcorn Time, Kodi and Stremio — have released fixes or are being automatically patched. A demo clip of how the attack works, called “Hacked In Translation,” is also circulating on YouTube and can educate people about the potential dangers.

Even with the risk of remote code execution, streaming video isn’t about to die off anytime soon. Digital Trends said the real lesson here is that the simplest pieces of technology we take for granted — like subtitles — are the very thing cybercriminals might turn to their advantage. That’s why the ongoing story of IT security is so gripping: Just when you least expect it, there’s always a plot twist.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today