Check Point: Pirates use translations to infect a victim’s device

May

26

2017

Check Point pointed out that hundreds of millions of devices containing VLC, Kodi, Popcorn Time and Stremio multimedia software are at risk, as the company discovered a new attack that could allow online attackers to access the victim’s computer, mobile phone or His smart TV through malicious translations.

“Malicious translations can be created and delivered to millions of devices automatically, bypass security programs, and give the attacker complete control over the infected device and the data it carries,” said Omri Hershkovici, head of the vulnerability research team.

The follow-up of translations was a complex process with more than 25 different versions currently in use, all with unique features. This fragmented ecosystem and limited security meant multiple vulnerabilities that could be exploited, making it a highly attractive target for attackers.

Subtitles for movies and television programs are created by a wide range of translators who upload them for online participation via certain sites such as OpenSubtites.org, where files are indexed and evaluated.

Attackers can manipulate the ranking algorithm, so that their malicious translations are automatically downloaded by multimedia playback software, which would allow an attacker to control the entire translation chain little or no unintended action by the user.

CheckPoint said it followed the disclosure guidelines and informed developers about gaps in the weak multimedia operating software. Some problems have already been fixed while others are under investigation.

According to the company, users should ensure that multimedia software is updated to the latest version in order to protect themselves and reduce the risk of potential attacks. Popcorn Time has released a new version to correct the problem, and the latest version of Kodi, VLC and Stemio has been fixed.

The translations of films and series are often seen as nothing more than text files, and the company said it had a strong reason to believe similar weaknesses in other multimedia software but has not yet released the full technical details of the flaws in order to give developers more time to address the problems .

Viewing:-133

In: Technology & Gadgets Asked By: [17240 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »