Blu-ray Disk Could Install Malware Into Your Computers

Blu-ray Disk Could Install Malware Into Your Computers

Stephen Tomkinson of NCC Group, a U.K.-based security consultancy, have identified a pair of security flaws in Blu-ray players that could be exploited to install malwares on victims computers. He engineered a Blu-ray disc which detects the type of player the disc is running on and then picks one of two exploits to install malwares on a computer.

Tomkinson presented the research at the Securi-Tay conference at Abertay University in Scotland on Friday. 

VULNERABILITIES

The vulnerabilities lies in the hardware and software of Blu-ray players. On of the vulnerability is in PowerDVD, an application for playing DVD's on windows computers. Another vulnerability is in some Blu-ray disc player hardware.

PowerDVD supports a richer interactive user experience, with dynamic menus, embedded games and access to the latest trailers downloaded from the Internet. These rich features are built using BD-J, a variant of Java which allows disc authors to build a range of user interfaces and embedded applications, structured into Xlets. 

Xlets run in a Java Virtual Machine secured using the standard security policy mechanisms which are enforced by a SecurityManager class. Generally, the security policy will prevent a disc from accessing anything outside of its virtual file system and ensure that a disc is not interacting directly with the underlying operating system.

But, the vulnerability in PowerDVD allowed Tomkinson to overcome the sandbox and run a malicious executable.

In order to take advantage of the hardware vulnerability, Tomkinson used an exploit to get root access on Blu-ray player. Then he tricked the system to run a command that installs malware from a Blu-ray disc by fooling an application called "ipcc" in the local host.

The engineered Blu-ray disc also play its content after running an exploit.

HOW TO AVOID ?

To reduce the your exposure to these vulnerabilities, you can follow :
  • Don't use  any removable media from unconfirmed origins.
  • Disable AutoPlay.
  • Disable all BDJ network access including access to localhost.
  • Disable network/internet connectivity (if its not necessary).

No comments

Powered by Blogger.