Hackers Working Via Subtitles on Streamers!

Bucknekked

Audioholic Samurai
I know several members use some of the streaming programs mentioned in this article. Bottom line, be careful when using subtitles! The craftiness of hackers never ceases to amaze!

https://www.engadget.com/2017/05/24/security-flaw-in-media-player-subtitles/
I agree. Slimy folks seem to have no limits to their creativity.
Back when I was ripping movies to my media server I ran into some bloated size problems when doing Blu-ray titles. Did a little digging within the HandBrake community and MakeMKV and discovered the other-than-English languages and subtitle stuff was enormous in size and number. I think it was Avatar that had 27 or more languages and other huge files other than the English version I was after. I learned how to deselect anything and everything that wasn't directly what I was after. I didn't know about a security hole at the time, but by just keeping what I needed, I have avoided one. Good philosophy in general. Just store and use what you need.
 
BoredSysAdmin

Audioholic Slumlord
Update your media clients ASAP. These subs could be embedded in video files and a virus scanner would not pick them up.
 
Bucknekked

Audioholic Samurai
Update your media clients ASAP. These subs could be embedded in video files and a virus scanner would not pick them up.
That is solid advice. Yet another type of slimy creativity I had not thought of.
 
slipperybidness

Audioholic Warlord
I agree. Slimy folks seem to have no limits to their creativity.
Back when I was ripping movies to my media server I ran into some bloated size problems when doing Blu-ray titles. Did a little digging within the HandBrake community and MakeMKV and discovered the other-than-English languages and subtitle stuff was enormous in size and number. I think it was Avatar that had 27 or more languages and other huge files other than the English version I was after. I learned how to deselect anything and everything that wasn't directly what I was after. I didn't know about a security hole at the time, but by just keeping what I needed, I have avoided one. Good philosophy in general. Just store and use what you need.
From my understanding, you would be safe because you would have copied legitimate subtitles files as supplied directly from the disc. It is the way media streamers get the text files to use for subtitles that creates the vulnerability.
 
BoredSysAdmin

Audioholic Slumlord
From my understanding, you would be safe because you would have copied legitimate subtitles files as supplied directly from the disc. It is the way media streamers get the text files to use for subtitles that creates the vulnerability.
Right. More accurately, the reading of subtitle files is done very amateurishly, and I think they are trivially letting everything read from subtitle files run in some privileged Windows subsystem without checking the input. It would take a specially crafted and maliciously trapped subtitle file to use this vuln. If you are only creating subtitle files from your own discs, you're perfectly safe.

BTW: Reminds me of this:


For non-nerds, explanation here:
https://www.explainxkcd.com/wiki/index.php/327:_Exploits_of_a_Mom
 
Bucknekked

Audioholic Samurai
From my understanding, you would be safe because you would have copied legitimate subtitles files as supplied directly from the disc. It is the way media streamers get the text files to use for subtitles that creates the vulnerability.
I think in this case, both of you may be correct. slipperybidness may be correct in that the files direct from the source should be as clean as any file can be; nothing's 100%, but within reason. Disney just got hacked and an entire unreleased movie got stolen, so nothing's going to be "for sure".

BSA has a correct point as well: if you have apps that interact with external files, you have potential security problems. Keeping security patches up to date is just good, sound policy.
 
