The Sneaky Backdoor Hackers Are Using to Access Your Devices
Do you pirate movies or use bit torrent sites? Do you watch downloaded movies on desktop platforms? It’s okay, you can admit it: everyone does to an extent. But watching movies online might be putting you at more risk for hackers than you might think. How? Subtitle files laced with malware. Here how it works and how to stay safe.
The technology and security blog Check Point published an exposé last month detailing how hackers have been gaining access to people’s computers–likely for years– by exploiting the way media players use subtitle files. Check Point estimates that “hundreds of millions” users have likely been targeted.
So how does it work? Well when you download a movie, it usually comes with a subtitle file. And a lot of those subtitle files come from a website called Open Subtitles which is essentially an open source site with a ranking system to determine a user’s credibility. So hackers create their own subtitle files which contain malicious content like malware.
By exploiting or manipulating the ranking system, hackers managed to develop very “credible” accounts– at least on the surface. So media players were more likely to choose the hackers’ versions of various subtitles. Plus many media players parse together many different subtitle files to give the user a smoother experience. (Let’s all laugh now.) Since text files are usually a pretty low security risk, most anti virus software won’t even think twice. And so the malware just slips by virtually undetected.
Once a user plays the movie, an alert is sent to the hacker’s device notifying them that the file has been opened. From there, the hacker has complete access to the device playing the movie. So if you keep f*cking your computer up and think pirated movies (not porn) are the culprit but can’t pin-point how, this is probably what’s happening.
Worried you’re at risk? Well it depends which platforms you use to watch movies. Popcorn Time, VLC, Kodi (XBMC), and strem.io look like they were the most vulnerable. So that’s millions of users just between those platforms alone. And if you use other platforms that doesn’t necessarily mean you’re safe. Since then, the platforms have released patches and addressed the issue. But that doesn’t mean hackers can’t adapt and change their methods a bit. Although, they’ve probably been doing this for years and are probably pretty upset they’ve been discovered. But I’m sure they’ll rebuild.
This is especially scary when you consider how many devices people use now on a daily basis. Thanks to Wikileaks we already know the CIA has the ability to hack virtually all “smart” devices. And if the CIA can do it, that means other hackers can probably figure it out too. So everything from phones, to tablets, to TVs to freaking washing machines and refrigerators is fair game for hacking now. So I guess just don’t watch pirated movies on your smart fridge. (Hey why do you have a smart fridge anyway you a**hole?!)
The video below from Check Point clearly illustrates how hackers gain access to devices using subtitle files laced with malware.
Follow Randi Nord on TWITTER
Randi Nord lives in Pontiac, Michigan. She is a journalist for the The Fifth Column, co-founder of Geopolitics Alert, and co-hosts a podcast about geopolitics.