A security researcher has recently demonstrated an attack on Windows computers and Blu-ray players using a malicious Blu-ray disc. Stephen Tomkinson demonstrated his findings during the Securi-Tay conference in Dundee, Scotland.
Tomkinson developed an attack that abuses Blu-ray features. Besides improved image and sound quality compared to DVD, the Blu-ray format also supports rich features like dynamic menu’s embedded games and the possibility to download additional information from the internet. These rich features are developed using a special Java based language called BD-J and can be compared to apps on mobile phones. However on Blu-ray players they aren’t called apps, but Xlets. The Xlets run in Virtual Machine which should prevent them from having access to the actual system.
The first demonstration of Tomkinson targeted Cyberlink’s PowerDVD software based Blu-ray player and the way it deals with Xlets. A vulnerability in the software allowed circumvention of the Xlet protection and executing random executable files. Because Blu-ray discs AutoPlay on computers with PowerDVD, an attacker could infect a computer with a Blu-ray disc containing malicious software.
The second attack was against a hardware Blu-ray player. An Xlet developed by Tomkinson allowed the the player to call an application that in its turn could execute a malicious files on the Blu-ray disc. This way the researcher was able to get root access to the Blu-ray player. To make sure victims are unaware of the attack, Tomkinson demonstrated how the actual movie played as usual after the attack.
Tomkinson is currently working with several Blu-ray player manufacturers to solve the issues. “With varying degrees of success”, the researcher notes. He advizes users to disable the AutoPlay feature of Windows and in case of hardware Blu-ray players to disconnect them from the internet.