Batu69 Posted May 23, 2017

Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.

“The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers,” said Omri Herscovici, vulnerability research team leader at Check Point.

Here’s a video of the attack: Hacked in Translation Demo

The subtitles for films or TV shows are created by a wide range of subtitle writers, and uploaded to shared online repositories, such as OpenSubtitles.org, where they are indexed and ranked. Researchers also demonstrated that by manipulating the repositories’ ranking algorithm, malicious subtitles can be automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain without user interaction.

How many users are affected?

VLC has over 170 million downloads of its latest version, released June 5, 2016. Kodi (XBMC) has reached over 10 million unique users per day, and nearly 40 million unique users per month. No current estimates exist for Popcorn Time usage, but it is estimated to be tens of millions. Check Point has reason to believe similar vulnerabilities exist in other streaming media players.

What can you do?

Since the vulnerabilities were disclosed, all four companies have fixed the reported issues. Stremio and VLC have also released new software versions incorporating this fix.

“To protect themselves and minimize the risk of possible attacks, users should ensure they update their streaming players to the latest versions,” concluded Herscovici.

Article source
JimmySvert Posted May 23, 2017

This seems to be some serious threat. It's always better to do some things manually (e.g. downloading subs / streams from sources you trust without using third party software etc.)
IronY-Man Posted May 23, 2017

That's why it's better to download subs manually!!
steven36 Posted May 23, 2017

It seems that when your players go to the website and download the subs, hackers are using XSS (Cross Site Scripting) and sending you an infected sub. The patch is an XSS protection for subs.

Links:
https://github.com/popcorn-official/popcorn-desktop/commit/a9aa8e16610ee8cb23ba4a6452c5a69bf88d9107#diff-dae321f04e3a88d56a74ff57c73c2002
https://github.com/butterproject/butter-desktop/pull/602
https://github.com/xbmc/xbmc/pull/12024

If you use NoScript in your browser, even with it disabled it protects against XSS attacks, and just downloading your subs the old-fashioned way is the safest way.
JeffDunhill Posted May 23, 2017

Manual downloading of subs is also under threat?
debebee Posted May 23, 2017

I usually edit the subs I download before I use them... And I download them from reputable sources. So what script?
nIGHT Posted May 24, 2017

This is new and very creative. Luckily, Check Point researchers discovered it first, shared the vulnerability with the affected players and saved us from great pain. Thanks Check Point!

Just now, Batu69 said:

What can you do? (to protect yourself)

Since the vulnerabilities were disclosed, all four companies have fixed the reported issues. Stremio and VLC have also released new software versions incorporating this fix.

“To protect themselves and minimize the risk of possible attacks, users should ensure they update their streaming players to the latest versions,” concluded Herscovici.

Article source
tao Posted May 25, 2017

< Deleted (already posted) >
Reefa Posted May 25, 2017

Thread merged with batu's... Please do a full forum search before posting.
steven36 Posted May 25, 2017

At 1:23 PM, JeffDunhill said:

Manual downloading of subs is also under threat?

The whole Internet is under threat, but as far as I know no 3rd party sub sites have been compromised. I have an account at opensubtitles; that site you have always had to be careful not to click on fake download buttons. I block them with uBlock Origin because of the advertisements they use. Get yourself some good cross-site blocking addons like uMatrix and NoScript. I've been visiting sub sites for years and never had any problems. Most of the time I don't need subs, only for non-English movies and movies that have non-English parts, but sometimes the release groups have subs in the release and I don't need to visit no site.
steven36 Posted May 25, 2017

3 minutes ago, 0bin said:

This is a low move from them, many people are using English subs to improve their English skills...

Well, that is just a fact of life. Even when people try to download Adobe Flash Player online, Adobe uses PUP. Many freeware and shareware programs do too. Even when you visit Google you could get infected if not careful. And filehost and torrent sites are some of the worst for malicious ads. And many websites also do canvas fingerprinting and WebGL fingerprinting to get your hardware id so they cant keep track of you even using a vpn. The web runs off advertising.

Here is a userscript that has a list of some of the sites that use adware, if you care to look.

AntiAdware https://greasyfork.org/en/scripts/4294-antiadware
steven36 Posted May 25, 2017

27 minutes ago, 0bin said:

Yes, was using before with Greasemonkey combo, now with the advent of Adblock Protector switched to Tampermonkey with Adsbypasser+Antiadware+Adblock Protector+Maknyos Autoin

The only Chrome browser I find working right to block canvas fingerprinting is Slimjet, which has a built-in blocker. Canvas Defender breaks some websites in Chrome, like openload; the Disable WebGL is working OK, but if you're worried about being tracked I would never suggest using Chrome, it's better to use Waterfox or Firefox ESR. The Adblock Protector list is built in to uBlock Origin; it seems to work OK using it with the REEK script and Greasemonkey. The guy who makes the Adblock Protector script needs to fix his script to work on Greasemonkey, because Tampermonkey is buggy in Firefox and can't be used in ESR.
steven36 Posted May 25, 2017

4 minutes ago, 0bin said:

AAK Reek seems not currently under development, Adblock Protector is updated many times, sometimes multiple times a day, but is a different approach, cause of that it works better than the previous one. Do you think that addon is better than Canvas Defender for Chrome? I preferred Greasemonkey too, but I read something about the security of that addon, I will review that.

A script that doesn't work in my browser is useless. I don't use e10s in my browsers in Linux or Windows. This is not what you need to worry about anyway; it takes 33 bits of entropy data to identify someone. https://33bits.org/about/

I'm scoring around 18 in Waterfox with the addons I have installed. https://panopticlick.eff.org/
steven36 Posted May 25, 2017

5 minutes ago, 0bin said:

If you use Tampermonkey also? I hope he will support also Greasemonkey

That error is from Tampermonkey, it doesn't work without e10s. It works OK in Chrome-based browsers. Greasemonkey has over a million users at AMO; there is no excuse for making a shabby script that doesn't work in it. I'm not changing my addon just because one script won't work.
steven36 Posted May 25, 2017

6 minutes ago, 0bin said:

The canvas score I obtain is lower with the one you suggested, removed Canvas Defender, added this one

I'm not talking about just canvas itself, I'm talking about the score as a whole; canvas only makes up a small percent of the data they collect. All it takes is 33 bits of all tracking techniques combined.

Canvas Fingerprinting: a reality check http://theprivacyblog.com/tracking-2/canvas-fingerprinting-a-reality-check/
steven36 Posted May 25, 2017

15 minutes ago, 0bin said:

Firefox: Currently, we estimate that your browser has a fingerprint that conveys 17.26 bits of identifying information.
Chrome: Currently, we estimate that your browser has a fingerprint that conveys at least 18.26 bits of identifying information.

All I had to do is change my addon canvas blocker to prescient, it lowered it.

Currently, we estimate that your browser has a fingerprint that conveys 16.67 bits of identifying information.
straycat19 Posted May 25, 2017

From the looks of the video they are using Remote Desktop to access the targeted system. Therefore, the default port for RDP (3389) can be blocked and RDP disabled. That will effectively stop them from 'taking over' your computer. Keep in mind, like all published exploits, they are done in a lab under controlled conditions and obviously have no security enabled on the systems. Hopefully the users on Nsane are a little smarter than the dumb systems they use in the labs to run their exploits on. The world of cyber security has become the new version of the kids' book about Chicken Little running around saying, "The sky is falling, the sky is falling!"
steven36 Posted May 25, 2017

2 hours ago, straycat19 said:

From the looks of the video they are using Remote Desktop to access the targeted system. Therefore, the default port for RDP (3389) can be blocked and RDP disabled. That will effectively stop them from 'taking over' your computer. Keep in mind, like all published exploits, they are done in a lab under controlled conditions and obviously have no security enabled on the systems. Hopefully the users on Nsane are a little smarter than the dumb systems they use in the labs to run their exploits on. The world of cyber security has become the new version of the kids' book about Chicken Little running around saying, "The sky is falling, the sky is falling!"

This is true, it never was in the wild as far as we know, but Google Chrome is the world's worst at paying hackers to find exploits not in the wild so they can patch them; they have been doing this for years. Well, Check Point found this one for free and video player vendors have patched it by now. It's one less 0day either way, no matter how hard you try to underrate it. If something was to happen now and you didn't update your software, it would be no one's fault but your own. These are open source projects; they don't have the money to pay researchers like closed source projects do, and open source that's being heavily developed patches things ASAP, whereas closed source puts it off as long as they can. Closed source should use this and many more cases as an example of how they should patch 0days. What about the exploit that was patched in March that was in the wild for 5 years, and hackers waited till 3 months after it was patched to infect 1000s of PCs because certain idiots didn't do security updates? The thing about exploits: after you're attacked it's too late.

In this day and age it pays to be paranoid, and if you think you can use old software and never do updates that connects to the open Internet, it means you have poor cyber security and you think you're 10 feet tall and bulletproof; your day is coming. People who put down people who try to protect their privacy and security sound like covert agents that benefit from no one doing anything to try to protect themselves, so they spread deceit. Or either they have been brainwashed down to their level and are doing the Government's dirty work for free. It's one or the other!

How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations https://theintercept.com/2014/02/24/jtrig-manipulation/
This topic is now archived and is closed to further replies.