You also get a detailed description of your desired shows through IMDB rating, actors details, movie summary, and much more. This app consists of a customized list of live channels, movies, and TV series. On Stremio, you get to access all the contents with ease. As Stremio is flexible with the addons feature, you can add your add-ons with the movies or TV series that you like to watch. And this has leveled up the competition among other streaming services. Stremio has become popular with its add-on services among its user. Hence, you can enjoy all your favorite shows on one platform, without having to pay for the subscription charges of different streaming services. The content available on it is all from other platforms. However, Stremio is open-source software. It has a collection of movies, TV series, and new shows that get updated regularly. We are happy to report that the Stremio experience remains as secure as it is enjoyable – and we remain open to any questions you may have in this regard.Stremio is a streaming platform that is new in the world of entertainment. As we already said, the moment we found out about the vulnerability, we sanitized the subtitles content environment of Stremio and patched all of our apps to make sure each and every of our users is protected. This makes the attack even easier for hackers, as it lets them skip the Man in the Middle attack or any direct interaction tricking the user to open the malicious software. How could the attack vector spreadĪs Check Point explains, there are a number of shared online repositories for movie subtitles, and some media players download subtitles from them automatically.īy manipulating the ranking algorithms of the repositories, hackers can make sure that the malicious subtitles are ranked highest and therefore – downloaded with priority to other subtitle files. Once hackers have gained access to the infected device, they can pretty much do whatever they want on it – steal security-sensitive data, install ransomware, execute a mass denial of service attack and so forth. This is an attack vector that allows hackers to run malicious software on users’ computers, tablets, phones or smart TVs without the users even knowing – simply by opening a subtitles file with malware in their video players. This means that anti-virus programs or other security solutions don’t check them for malware, thus leaving the users exposed. Subtitle files are generally considered harmless text files. Once the user loads the infected subtitles file, the perpetrators gain access to the user’s computer. The vulnerability discovered by Check Point allows hackers to insert malicious code into movie subtitle files. To date, all of our users should be running a version of Stremio that is vulnerable to being hacked through subtitle files. In this case this meant that anyone who has launched Stremio after the security patch release has had the app immediately upgraded. None of our users had to install a specific version of the Stremio apps – whether you’re using Stremio on desktop, Android or iOS, the apps are automatically updated to the last available version in order to ensure optimal performance. ![]() ![]() This patch essentially shut down all the attack vectors that could make an attack possible. The Stremio security team wasted no time, and within the same day, we had already released a patch that would prevent hackers from exploiting the vulnerability. Ouch!įollowing the responsible disclosure guidelines, Check Point’s representatives got in touch the minute they discovered the vulnerability a couple of weeks ago. The threat affected the video players of Stremio, Kodi, VLC and Popcorn Time, and Check Point estimate that 200 million users around the world take use these players and could be exposed to the threat. The security firm Check Point discovered a security vulnerability that could potentially be harmful for millions of users around the world – attack by subtitles. The Stremio ecosystem has been protected against this vulnerability and is absolutely safe to use. Security researchers discovered a security vulnerability in a number of video players.
0 Comments
Leave a Reply. |