2015-03-02 07:37:00
www.welivesecurity.com
A pair of possible exploits in hardware and software used for playing Blu-ray discs have come to light, reports PC World.
02 Mar 2015
Stephen Tomkinson, a security researcher for NCC, presented his research at the Securi-Tay conference at Abertay University in Scotland on Friday. At the event, he showed how he had been able to create a Blu-ray disc that detects the player it’s running on, and then chooses one of two exploits to install malware on the host computer.
The first issue is with PowerDVD, CyberLink’s software for playing optical discs on Windows computers, which comes installed on many manufacturers’ computers by default. Blu-ray discs support additional content like dynamic menus, which are built into discs using Blu-ray Disc Java, and these use ‘xlets’ (small applications) for user interfaces. Tomkinson found a flaw in the software that allowed him to leave the xlet sandbox and launch malicious code. This is particularly serious because, as The Register puts it, “Users would have no reason to suspect the whirring of an optical drive indicated unknown software was running, making this a potentially nasty attack.”
The second targets certain Blu-ray disc playing hardware, though Tomkinson didn’t identify makes or models affected. In this exploit, he was able to get root access on a Blu-ray player, where he was able to ‘trick’ the system into running a command that would install malware. Network World explains that he “found it was possible to write an xlet that fooled a small client application called ‘ipcc’ running within the localhost into launching a malicious file from the Blu-ray disc.”
To keep computer users from becoming suspicious, the Blu-ray disc is programmed to carry on playing the expected video content after the malware has been launched.
Tomkinson has contacted the vendors of the software and hardware concerning the vulnerabilities with “varying degrees of success,” and Network World states that nobody from CyberLink could be reached for comment.
For now, Tomkinson advises that people should avoid Blu-ray discs from unknown sources and prevent them from running automatically.