Posts: 1,272
Joined: Mar 2006
Reputation:
27
17.2 already covers this problem
Posts: 94
Joined: Nov 2014
Reputation:
3
Is there anything you can look for in a subtitle file to tell if it is infected?
I understand that if you let Kodi automatically download subtitles, that's a problem. From what I am reading in this thread, we'd be safe if we unzipped the subtitles outside of Kodi and then manually moved them? Or is there something malicious in the subtitle text file itself? If so, are there specific characters that could be stripped out? If there is any potential harm in the actual subtitle files, is there any kind of "scrubber" program that could be used to clean up subtitle files, or let you know they are bad and delete them before they can do any damage?
From the video it appears this thing allows the attacker to VNC in. Is there a way to block it from making a connection using a firewall, or some other program?
I would like to know if any of the subtitle repositories (such as Open Subtitles) are taking any proactive steps to delist bad subtitles. If not, they should!
One thing you must realize is there are many systems that are not and maybe cannot immediately run the latest version of Kodi. Personally I am still running Isengard because EVERY newer version has broken something I use (in Krypton it's passthru audio in Live TV). Kodi has been saying for some time now that you are never forced to upgrade to a newer version, but doesn't leaving older versions vulnerable kind of have the same effect? Could the Kodi subtitles addons be modified to check for "bad" subtitle files? I ask that because the addons can usually be installed in older versions (up to a point).
I'd really like to find a solution that works system-wide. For example, if the exploit depends on VNC, is there a way to restrict VNC connections to my local network only (this would be on an Ubuntu Linux 14.04 system)? Or to totally disable VNC except when I need to use it locally?
The whole problem with the warning appearing in most of the articles is that it gives just enough information to scare the hell out of anyone that has ever used subtitles or that occasionally needs them, without really giving any information on how to prevent infection or remove any infection already present.
My personal feeling is that at the very least, Kodi should immediately issue replacements to subtitle addons that either proactively prevent bad subtitle files from being allowed to do anything malicious, or failing that they should do absolutely nothing except display a warning against using such an addon, until there is some way to make the addon distinguish between an infected subtitle and a normal one. That would be one fast way to slow this down because (maybe contrary to the delusions of certain Kodi developers) most Kodi users probably aren't all that computer-savvy, and many are running older versions, and a fair percentage probably neither read the type of sites that contain such warnings nor would have the foggiest idea how to upgrade Kodi (or might not want to for one reason or another). At least if the subtitles addons were updated to prevent downloading any malicious subtitles (even if that means downloading NO subtitles at all until a prophylactic can be developed) it would help slow the infection.
Posts: 1,607
Joined: Apr 2016
(2017-05-24, 19:39)xbmclinuxuser Wrote: I have no idea how you'd do this in an existing system but if this works, could you guys PLEASE update the OpenSubtitles addon to include it?
In existing system? What does that mean? It is pretty simple actually, the regex only checks for /../ or \..\ in zip path name (which is level up) and if it's there, doesn't extract it....
All subtitle providers / addon authors should check for this and correct it in their addons....
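Added example (not part of the original post, and not the code of Kodi or any subtitle addon): a sketch of the archive-path check described in the post above, written in Python since Kodi addons are Python. It goes beyond the `/../` and `\..\` pattern by also rejecting absolute paths and confirming the resolved target stays inside the destination; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import re
import zipfile

# A "level up" component anywhere in the archive path, with either separator.
# Also catches a leading "../" and a trailing "/..".
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def is_safe_member(name, dest_dir):
    """Return True only if extracting `name` would stay inside dest_dir."""
    if TRAVERSAL.search(name):
        return False
    # Reject absolute paths and Windows drive letters.
    if name.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", name):
        return False
    # Defence in depth: resolve the final path and confirm containment.
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, name))
    return os.path.commonpath([root, target]) == root


def extract_subtitles(zip_bytes, dest_dir):
    """Extract safe members only; return (extracted, rejected) name lists."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if not is_safe_member(info.filename, dest_dir):
                rejected.append(info.filename)  # skip it, never write it
                continue
            target = os.path.join(dest_dir, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def build_sample_zip():
    """Constructed sample archive: one normal subtitle, two traversal names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("movie.en.srt", "1\n00:00:01,000 --> 00:00:02,000\nHello\n")
        zf.writestr("subs/../../outside.py", "# constructed placeholder\n")
        zf.writestr("..\\..\\outside.txt", "constructed placeholder\n")
    return buf.getvalue()
```

Calling `extract_subtitles(build_sample_zip(), some_dir)` writes only `movie.en.srt` and returns the two traversal names in the rejected list, which an addon could log or show to the user.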
Posts: 61
Joined: Jan 2015
Reputation:
1
Is this only if we download subtitles via Kodi? I have subliminal gather SRT files first and place them in the video directory, I believe this is safe but I can't find the answer on this (only questions, like birdwatcher asked above)...