Menu
How a Blu-ray disc could install malware on your computer

How a Blu-ray disc could install malware on your computer

A video will start playing, but something strange could be happening as well

A pair of vulnerabilities found in hardware and software for playing Blu-ray discs might come in handy for secret snooping by the U.S. National Security Agency.

Stephen Tomkinson of NCC Group, a U.K.-based security consultancy, engineered a Blu-ray disc which detects the type of player the disc is running on and then picks one of two exploits to land malware on a computer. He presented the research at the Securi-Tay conference at Abertay University in Scotland on Friday.

One of the problems is in PowerDVD, an application made by Taiwanese company CyberLink for playing DVDs on Windows computers. The company's applications are often preinstalled on computers from manufacturers including HP, Dell, Acer, Lenovo, Toshiba and ASUS, according to its website.

Blu-ray discs can support rich content like dynamic menus and embedded games, which are built using Blu-ray Disc Java (BD-J), a variation of Java for embedded systems. BD-J uses "xlets," or small applications, for things such as user interfaces.

Xlets are prohibited from accessing a computer's operating system and file system for obvious reasons. But Tomkinson found a flaw in PowerDVD that allowed him to get around the sandbox that xlets can run in and launch a malicious executable.

The second vulnerability lies in some Blu-ray disc player hardware. Tomkinson wrote that he analyzed a "fairly minimal' embedded system running Linux with a command-line BusyBox interface although he did not identify the make or model.

His second attack uses an exploit written by Malcolm Stagg to be able to get root access on a Blu-ray player. From there, he wanted to see if it was possible to trick the system into running a command that would install malware.

He found it was possible to write an xlet that fooled a small client application called "ipcc" running within the localhost into launching a malicious file from the Blu-ray disc.

To refine the attack, Tomkinson figured out a way to detect what kind of system the Blu-ray disc is running on in order to know which exploit to launch. To mask the strange activity, the Blu-ray disc is coded to start playing its content after one of the exploits has run.

Distributing a batch of malicious media has been used in the past to attack specific targets. Last month, Kaspersky Lab wrote about the Equation group, a highly advanced group of attackers suspected to be the NSA that used ingenious ways to deliver malware.

Kaspersky described how some participants of a scientific conference held in Houston later received a CD-ROM of material. The CD contained two zero-day exploits and a rarely-seen malware backdoor nicknamed Doublefantasy.

Tomkinson wrote that NCC Group has contacted "the vendors to resolve these issues with varying degrees of success." CyberLink officials could not immediately be reached for comment.

There are a few defensive precautions users can take. Tomkinson wrote that people can avoid Blu-ray discs that come from unknown sources and also stop discs from running automatically.

If it is possible, users should also turn off the capability that allows Blu-ray players to connect to the Internet or block it from connecting to a network, he wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Exploits / vulnerabilitiesNCC Group

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments