A proof-of-concept attack using malicious video subtitle files shows how adversaries can execute remote code on PCs, smart TVs and mobile devices using popular video players and services such as VLC Media Player, Kodi, Stremio and Popcorn Time.
“This is a brand new attack vector. We haven’t seen this type of attack yet in the wild. But we believe there are upwards of 200 million video players and streamers vulnerable to this type of attack,” said Omri Herscovici, team leader for products research and development at Check Point Software Technologies.
Herscovici said each media player Check Point looked at has a unique vulnerability that allows a remote attacker to indirectly execute code and gain control of the targeted device. With the VLC player, researchers were able to take advantage of a memory corruption vulnerability to gain control of a computer. With other media players and streamers, Check Point said it would not reveal the technical details until software updates were deployed to users.
VLC developers were contacted in April and made aware of four separate vulnerabilities, Herscovici said. Each of the vulnerabilities (CVE-2017-8310, CVE-2017-8311, CVE-2017-8312 and CVE-2017-8313) has been patched.
Check Point is basing the scope of affected users on publicly disclosed numbers provided by vendors. According to VLC, 170 million users have downloaded the player since June 2016. Kodi reports more than 40 million unique users of its video software every month.
In its proof-of-concept attack, Check Point says victims are persuaded to visit a malicious website that uses one of the streaming video players, or they’re tricked into running a malicious subtitle file on their system that they intentionally downloaded for use with a video.
“By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it’s a computer, a smart TV, or a mobile device. The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive data, installing ransomware, mass Denial of Service attacks, and much more,” wrote Check Point in a research blog regarding the attack vector.
Check Point said poor coding of subtitle parsing implementations is at the heart of the vulnerability.
“There are dozens of subtitle formats, from SRT, SUB and GSS – and no standards for parsing. Each of the players we looked at uses a homegrown version of a subtitle parsing implementation. And each one of them had a remote code execution flaw,” Herscovici said.
In each attack scenario, the malicious subtitle file must be chosen to run with the video.
In another attack scenario, a victim plays a video that’s pre-programmed to automatically download a subtitle file from an online repository such as OpenSubtitles.org. Researchers say an attacker can upload malicious subtitle files to these repositories and artificially inflate the file’s ranking. Video players are prompted to download the highest ranked subtitle file.
“These repositories hold extensive potential for attackers. Our researchers were also able to show that by manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a man-in-the-middle attack or requiring user interaction,” wrote Check Point researchers.
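The automatic-download scenario above means a subtitle file is untrusted input that reaches the player's parser with no user decision in between. As an added illustration (not code from Check Point, Threatpost or any of the players named above), a player or add-on could gate every downloaded file through a strict validator before its own parser sees it; the limits, the accepted SRT subset and all names below are assumptions made for this example.

```python
import re

# Limits are assumptions chosen for this example, not values from the article.
MAX_BYTES, MAX_CUES, MAX_LINE_CHARS = 1_000_000, 10_000, 500
INDEX = re.compile(r"[0-9]{1,6}")
STAMP = r"(\d{2}):([0-5]\d):([0-5]\d),(\d{3})"
TIMING = re.compile(STAMP + " --> " + STAMP, re.ASCII)

# Constructed sample inputs: one well-formed file, one with junk after the timing.
GOOD = (b"1\r\n00:00:01,000 --> 00:00:02,500\r\nHello\r\n\r\n"
        b"2\r\n00:00:03,000 --> 00:00:04,000\r\nSecond <i>line</i>\r\n")
BAD_TIMING = b"1\n00:00:01,000 --> 00:00:02,500 " + b"A" * 4096 + b"\nHi\n"

class SubtitleRejected(ValueError):
    """The file does not match the strict SRT subset accepted here."""

def _ms(h, m, s, ms):
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)

def validate_srt(raw: bytes):
    """Return [(start_ms, end_ms, text)] or raise SubtitleRejected."""
    if len(raw) > MAX_BYTES:                       # size check before any parsing
        raise SubtitleRejected("file too large")
    try:
        text = raw.decode("utf-8-sig")             # strict decode, BOM tolerated
    except UnicodeDecodeError as exc:
        raise SubtitleRejected("not valid UTF-8") from exc
    text = text.replace("\r\n", "\n").strip("\n")
    if any(ord(c) < 32 and c not in "\n\t" for c in text):
        raise SubtitleRejected("control character in file")
    cues = []
    for block in re.split(r"\n{2,}", text):
        lines = block.split("\n")
        if len(cues) >= MAX_CUES:
            raise SubtitleRejected("too many cues")
        if len(lines) < 3 or not INDEX.fullmatch(lines[0]):
            raise SubtitleRejected("malformed cue header")
        m = TIMING.fullmatch(lines[1])             # whole line must match
        if m is None:
            raise SubtitleRejected("malformed timing line")
        start, end = _ms(*m.groups()[:4]), _ms(*m.groups()[4:])
        if end <= start:
            raise SubtitleRejected("cue ends before it starts")
        if any(len(line) > MAX_LINE_CHARS for line in lines[2:]):
            raise SubtitleRejected("overlong text line")
        cues.append((start, end, "\n".join(lines[2:])))  # text kept as data only
    return cues

def accepts(raw: bytes) -> bool:
    try:
        validate_srt(raw)
        return True
    except SubtitleRejected:
        return False
```

A gate like this reduces what reaches the native parser; it does not replace installing the vendors' patched releases.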
Threatpost | The first stop for security news