Blu-ray hacking exposed


Addressing last weeks Securi-Tay conference hosted by the Abertay Ethical Hacking Society in Scotland, Stephen Tomkinson from the NCC Group detailed how Blu-ray players can do more than play videos; they can open up a new attack surface for the hacker. Tomkinson demonstrated a new tool that had been released in order to enable the investigation of embedded network devices, and used the network exposed features on a common Blu-ray player as an example. He showed how an innocent looking Blu-ray disc can actually circumvent sandboxes and present the hacker with control of the underlying systems. Of course, that innocent looking Blu-ray disc was anything but; it was highly malicious. The disc itself, by combining a number of vulnerabilities discovered in Blu-ray players, was able to both detect the player it was inserted in and then launch a platform specific malicious executable. It also played a movie, to do otherwise would be a tad suspicious. The full technical background is published here but essentially the rich features of Blu-ray interactivity are built using a Java variant called BD-J, this both user interfaces and embedded applications to be structured as Xlets which can be thought of as akin to web Applets. Tomkinson and his team managed to circumvent the JVM SecurityManager controls and gain access to the underlying OS.

Troy Gill, manager of security research at AppRiver, says that while exploits are interesting in as far as showing how seemingly harmless functionality can be leveraged to run malicious executables, avoiding the threat is quite simple. "You could start by disabling Autoplay, uninstall PowerDVD and avoiding DVD’s from unknown origins" he advises, continuing "although it could potentially be used as one additional attack vector for a hacker who is trying various methods to breach a specific network, given the fairly straightforward defense, I do not see this becoming a very widespread issue.” Tim Erlin, director of security and risk at Tripwire, warns that the problem here is that it is all too easy for the average consumer to "forget that the Blu-Ray player sitting next to their TV is really a full-fledged computing platform and member of their home network. While we talk about the Internet of Things as the future, we shouldn’t ignore the embedded devices we’ve already adopted into our lives. There’s a massive supply chain for the production of Blu-Ray discs, and while there are a number of security features in place, it’s worth considering how a compromise early in the chain might allow for distribution of malware at scale via discs themselves. This is a threat model that has national security implications, both for attacks at scale and targeted attacks at specific individuals.”

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...