The latest news story has revealed that Kodi, Popcorn Time and VLC are vulnerable to a widespread subtitle hack with over 200 million users potentially at risk. Lee Munson has commended the the developers who have acted fast to ensure the massive pool of users have updates available. Lee Munson, Security Researcher at Comparitech.com commented below.
Lee Munson, Security Researcher at Comparitech.com:
“This subtitle hack is yet more proof that bad actors (surely only the cynical will suggest this has anything to do with rights holders?) will do anything to gain access to a device to drop malware, steal information or sign up a new recruit to a botnet.
While I suspect the use of captions is small outside of English-speaking countries, the potential pool of victims is massive, especially given the widespread use of streaming and other video services.
Fortunately, the developers behind all the affected video players have acted swiftly to mitigate the threat via updates which is a good start. How likely it is that fans of Kodi will stroll over to GitHub to get theirs’ is another matter though, as is the likelihood of the latest version finding its way onto older, jailbroken, devices.
Thus, I feel that it is imperative that Kodi quickly provides a more accessible update, as well as create some awareness through the client itself, or the consequences could be severe.
Equally, those who stream their entertainment may do well to avoid subtitles, at least in the short-term.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.