Menu
How a Blu-ray disc could install malware on your computer

How a Blu-ray disc could install malware on your computer

A video will start playing, but something strange could be happening as well

A pair of vulnerabilities found in hardware and software for playing Blu-ray discs might come in handy for secret snooping by the U.S. National Security Agency.

Stephen Tomkinson of NCC Group, a U.K.-based security consultancy, engineered a Blu-ray disc which detects the type of player the disc is running on and then picks one of two exploits to land malware on a computer. He presented the research at the Securi-Tay conference at Abertay University in Scotland on Friday.

One of the problems is in PowerDVD, an application made by Taiwanese company CyberLink for playing DVDs on Windows computers. The company's applications are often preinstalled on computers from manufacturers including HP, Dell, Acer, Lenovo, Toshiba and ASUS, according to its website.

Blu-ray discs can support rich content like dynamic menus and embedded games, which are built using Blu-ray Disc Java (BD-J), a variation of Java for embedded systems. BD-J uses "xlets," or small applications, for things such as user interfaces.

Xlets are prohibited from accessing a computer's operating system and file system for obvious reasons. But Tomkinson found a flaw in PowerDVD that allowed him to get around the sandbox that xlets can run in and launch a malicious executable.

The second vulnerability lies in some Blu-ray disc player hardware. Tomkinson wrote that he analyzed a "fairly minimal' embedded system running Linux with a command-line BusyBox interface although he did not identify the make or model.

His second attack uses an exploit written by Malcolm Stagg to be able to get root access on a Blu-ray player. From there, he wanted to see if it was possible to trick the system into running a command that would install malware.

He found it was possible to write an xlet that fooled a small client application called "ipcc" running within the localhost into launching a malicious file from the Blu-ray disc.

To refine the attack, Tomkinson figured out a way to detect what kind of system the Blu-ray disc is running on in order to know which exploit to launch. To mask the strange activity, the Blu-ray disc is coded to start playing its content after one of the exploits has run.

Distributing a batch of malicious media has been used in the past to attack specific targets. Last month, Kaspersky Lab wrote about the Equation group, a highly advanced group of attackers suspected to be the NSA that used ingenious ways to deliver malware.

Kaspersky described how some participants of a scientific conference held in Houston later received a CD-ROM of material. The CD contained two zero-day exploits and a rarely-seen malware backdoor nicknamed Doublefantasy.

Tomkinson wrote that NCC Group has contacted "the vendors to resolve these issues with varying degrees of success." CyberLink officials could not immediately be reached for comment.

There are a few defensive precautions users can take. Tomkinson wrote that people can avoid Blu-ray discs that come from unknown sources and also stop discs from running automatically.

If it is possible, users should also turn off the capability that allows Blu-ray players to connect to the Internet or block it from connecting to a network, he wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securityExploits / vulnerabilitiesNCC Group

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments