{"id":7751,"date":"2015-03-06T10:00:51","date_gmt":"2015-03-06T15:00:51","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=7751"},"modified":"2015-03-06T10:00:51","modified_gmt":"2015-03-06T15:00:51","slug":"more-iot-insecurity-this-blu-ray-disc-pwns-pcs-and-dvd-players","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/03\/06\/more-iot-insecurity-this-blu-ray-disc-pwns-pcs-and-dvd-players\/","title":{"rendered":"More IoT insecurity: This Blu-ray disc pwns PCs and DVD players"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/arstechnica.com\/security\/2015\/03\/more-iot-insecurity-this-blu-ray-disc-pwns-pcs-and-dvd-players\/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+arstechnica%2Ftechnology-lab+%28Ars+Technica%3A+Technology+Lab%29\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/03\/blu_ray_icon.png\" alt=\"\" \/><\/a><\/p>\n<p>For more than a decade, malicious hackers have used booby-trapped USB sticks to infect would-be victims, in rare cases to spread virulent, self-replicating malware on air-gapped computers inside a uranium enrichment plant. Now, a security researcher says he has found a way to build malicious Blu-ray discs that could do much the same thing\u2014without any outward signs that an attack was underway.<\/p>\n<p>Stephen Tomkinson, a security consultant at NCC Group, said he has devised a proof-of-concept exploit that allows a Blu-ray disc to compromise both a PC running Microsoft Windows and most standalone Blu-ray players. 
He spoke about the exploit on Friday at the Securi-Tay conference at Abertay University in Dundee, Scotland, during a keynote titled &#8220;Abusing Blu-ray players.&#8221;<\/p>\n<p>&#8220;By combining different vulnerabilities in Blu-ray players, we have built a single disc which will detect the type of player it\u2019s being played on and launch a platform-specific executable from the disc before continuing on to play the disc\u2019s video to avoid raising suspicion,&#8221; Tomkinson wrote in an accompanying blog post. &#8220;These executables could be used by an attacker to provide a tunnel into the target network or to exfiltrate sensitive files, for example.&#8221;<\/p>\n<p>The Windows-based exploit targets PowerDVD, the media player software bundled with the OS on Blu-ray-equipped PCs since at least Windows XP. The Blu-ray specification uses a variant of Oracle&#8217;s Java framework known as BD-J that allows disc creators to offer various user interfaces and embedded applications. The PowerDVD software offers additional Java classes that provide still more functions and can be invoked using &#8220;Xlets,&#8221; which are small snippets of code analogous to Applets found on websites.<\/p>\n<p>One of the Java classes that Xlets call is a CUtil class that has the ability to read arbitrary files from the disc. Tomkinson discovered a way to manipulate the list of objects the software reads so he could add his own malicious code. &#8220;As Blu-ray discs will auto-play on systems with PowerDVD installed, we now have a mechanism to bypass Windows&#8217; auto-run mitigations,&#8221; he noted.<\/p>\n<p>To compromise standalone Blu-ray players, Tomkinson turned to the extensive body of existing research on rooting players, including this exploit, which makes use of a programming debugging process that allows the launching of a Web browser. 
Using some Xlet wizardry, the researcher found a way to run executable files embedded in the disc from the player&#8217;s supposedly limited environment.<\/p>\n<p>NSS is working with software and hardware makers on a fix. In the meantime, the company recommends that people avoid using removable media drives from unknown origins and that they use the AutoPlay section of the Windows Control Panel to stop discs from playing as soon as they&#8217;re inserted. NSS also recommended using any available settings to prevent discs from accessing the Internet, since in many cases that will disable BD-J network access, including to the localhost. And as always, users should think long and hard before connecting standalone Blu-ray players, or any &#8220;Internet of things&#8221; device, to the Internet. If there&#8217;s not a clear benefit, it&#8217;s not worth the added security risk.<\/p>\n<p>via <a href=\"http:\/\/arstechnica.com\/security\/2015\/03\/more-iot-insecurity-this-blu-ray-disc-pwns-pcs-and-dvd-players\/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+arstechnica%2Ftechnology-lab+%28Ars+Technica%3A+Technology+Lab%29\" target=\"_blank\">More IoT insecurity: This Blu-ray disc pwns PCs and DVD players | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For more than a decade, malicious hackers have used booby-trapped USB sticks to infect would-be victims, in rare cases to 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,10],"tags":[138,655],"class_list":["post-7751","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-blu-ray","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-211","jetpack-related-posts":[{"id":6426,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/12\/quality-versus-convenience-can-4k-blu-ray-discs-fend-off-streaming-media\/","url_meta":{"origin":7751,"position":0},"title":"Quality versus convenience: Can 4K Blu-ray discs fend off streaming media?","author":"NCCT","date":"September 12, 2014","format":false,"excerpt":"Streaming video may be the wave of the future but optical discs aren\u2019t ready to concede defeat just yet. During the IFA trade show on Friday, the Blu-ray Disc Association said it is nearing completion of a version of its optical disc technology that can support high-resolution 4K videos. 
They\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9273,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/11\/04\/the-new-screen-savers-129-iphone-x-is-here\/","url_meta":{"origin":7751,"position":1},"title":"The New Screen Savers 129: iPhone X is Here","author":"NCCT","date":"November 4, 2017","format":false,"excerpt":"https:\/\/youtu.be\/THUGMzAgU3s - The iPhone X is here. Leo Laporte and Megan Morrone give their first impressions on how Face ID works, the lack of a home button, and screen. - Kelsea Weber from iFixit.com already torn down the iPhone X. They found some inventive ways Apple built the phone, including\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/THUGMzAgU3s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9113,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/01\/26\/this-week-in-computer-hardware-399-vr-musical-chairs\/","url_meta":{"origin":7751,"position":2},"title":"This Week in Computer Hardware 399: VR Musical Chairs!","author":"NCCT","date":"January 26, 2017","format":false,"excerpt":"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=gAEmpiIUC9s Samsung Explains The Battery Thing, Facebook gets 2FA Keys, a little bit on Windows 10 Game Mode, some cool new VR titles, UHD Blu-ray drives from Pioneer, and more!","rel":"","context":"In 
&quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/gAEmpiIUC9s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7570,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/05\/malicious-advertisements-on-major-sites-compromised-many-many-pcs\/","url_meta":{"origin":7751,"position":3},"title":"Malicious advertisements on major sites compromised many, many PCs","author":"NCCT","date":"February 5, 2015","format":false,"excerpt":"Attackers who have slipped malicious advertisements onto major websites over the last month have potentially compromised large numbers of computers. Several security vendors have documented attacks involving malicious advertisements, which automatically redirect victims to other websites or pages that silently attack their computer and install malware. \u201cWe certainly see malvertising\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":119,"url":"https:\/\/nccomputertech.com\/techtalk\/2012\/11\/28\/new-linux-rootkit-injects-malicious-html-into-web-servers\/","url_meta":{"origin":7751,"position":4},"title":"New Linux rootkit injects malicious HTML into Web servers","author":"NCCT","date":"November 28, 2012","format":false,"excerpt":"A newly discovered form of malware that targets Linux servers acting as Web servers allows an attacker to directly inject code into any page on infected servers\u2014including error pages. 
The rootkit, which was first publicly discussed on the Full Disclosure security e-mail list on November 13, appears to be crafted\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":7751,"position":5},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In 
&quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=7751"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7751\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=7751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=7751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=7751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}