Those movie subtitles you downloaded might open your doors to hackers

If you thought movie subtitles are just benign text files you can download to your computer and use without fear, think again.

A report from security company Check Point claims that subtitles can be extremely dangerous, potentially allowing malicious hackers to completely take over your computer.

The subtitles come in many different forms -- over 25, according to the report -- and the way media files such as VLC or services such as Popcorn Time use them is often insecure. If a malicious user slips in a dangerous file instead of an actual subtitle, he can do a lot of damage to the victim's computer. Check out how an attacker can take control of the victim's machine in the video, below.

These subtitles are typically found on specialized websites such as Opensubttiles.org, where they're ranked according to user scores, giving users a sense of security that they're downloading a tried and tested version of the subtitle. But these scores can easily be manipulated as to push a malicious files on top of the rankings.

People who are used to subscription services such as Netflix, and those who don't watch a lot of media in a foreign language, typically don't need to download subtitles online. But a lot of people do; Check Point claims affected users are in the hundreds of millions.

Potential damage is endless

Check Point says it found vulnerabilities related to the way subtitles are handled in four popular media players and services: VLC, Kodi, Popcorn Time and Stremio. The company did not share details about the vulnerabilities, or what platforms are affected, but it did say that PCs, mobile devices and even Smart TVs are at risk.

"By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device. The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more," the report claims.

All of the media players and services listed above have updated their software and fixed these exploits (though Kodi is currently only available as a source code release). Grab the new versions here: VLC, Kodi, Popcorn Time and Stremio.