Users of Kodi, VLC and Popcorn Time are being urged to download a new security update following the discovery of a vulnerability that could allow hackers to take control of your device.
According to security firm Check Point who discovered the vulnerability, hackers are attacking users via the subtitle function, with millions of users thought to be at risk.
The cyber attack takes place when subtitles are loaded onto the video streaming service and has been allowed to go unnoticed as antivirus software typically does not flag subtitles as a threat.
Checkpoint estimates that 200 million users are currently vulnerable to attack.
“By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and stream.io”, Checkpoint said in a blog post.
“We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.”
What makes the vulnerability even more dangerous is that it requires no action from the user in order to take place.
There’s no clicking on a link, for example, or being tricked into opening a malicious email or document.
“This method requires little or no deliberate action on the part of the user, making it all the more dangerous,” Checkpoint said.
Once the attack takes place, hackers are able to take control of the device running the streaming service, be it a computer, smart TV, phone, Android box or tablet.
“The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more,” Checkpoint said.
Kodi meanwhile have released a statement to say they are aware of the issue and are urging all users to upgrade to the latest version.
“Our developers fixed this security gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version!
“Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible,” the firm said.
Jonathan is our Google Nexus and Android enthusiast. He is also fanatical about football which makes it all the more strange that he should support Stockport County. In addition to writing about tech, Jonathan has a passion for fitness and nutrition and has previously written for one the UK’s leading watch and horology websites.