Slashdot Mirror


Blu-Ray Players Hackable Via Malicious Discs

An anonymous reader writes: Some Blu-Ray disc interactive features use a Java variant for UIs and applications. Stephen Tomkinson just posted a blog discussing how specially created Blu-Ray discs can be used to hack various players using exploits related to their Java usage. He hacked one Linux-based, network-connected player to get root access through vulnerabilities introduced by the vendor. He did the same thing against Windows Blu-Ray player software. Tomkinson was then able to combine both, along with detection techniques, into a single disc.

5 of 107 comments

  1. I should think so! by drinkypoo · · Score: 3, Insightful

    My Blu-Ray player runs Linux and hasn't had a firmware update since 2011. I'd be shocked if it didn't have remote root holes accessible via network, let alone local privilege escalation exploits in Java.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:I should think so! by fuzzyfuzzyfungus · · Score: 4, Insightful

      I suspect that there are a number of ways in, given the usual attention given to firmware quality; but blu-ray isn't helped by having a security model marked by absolute paranoia about the precious 'content' escaping, combined with some amount of incompetence and a lot of pure apathy about any other security concern.

      With both the BD+ VM and the BD-J stuff, there is a lot of attention paid to 'ooh, is an unauthorized player attempting to do unauthorized things with the content on the disk?!'; but the contents of the disk are largely treated as trusted and the playback device is treated almost entirely as a potential adversary, not as a potential target, either from the disk side or the network side.

    2. Re:I should think so! by Dutch Gun · · Score: 4, Insightful

      That was my first thought as well. "It uses Java (probably an older, unpatched version), so of course it's got massive security holes." But seriously, does anyone think there's even a remote chance that in 2015, malware is going to be transported by Blu-ray disc? This is an interesting tech demo, and it's always good to be aware of the potential of these things, but it doesn't seem to be a likely threat vector.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    3. Re:I should think so! by Anonymous Coward · · Score: 2, Insightful

      I think that is also what they said about the Sony rootkit embedded on CDs...

    4. Re: I should think so! by fuzzyfuzzyfungus · · Score: 3, Insightful

      I think that the apps are supposed to be signed (at least to get useful elevated privileges, like access to the network or to the player local storage); but if a signed, legitimate app makes a network request to a server that is no longer friendly, then it becomes a question of input validation, even if the application signing scheme is 100% in order and nobody screwed any part of that up.

      Call me a pessimist; but I'd bet nontrivial money that a lot of the 'interactive' cruft that is pumped out to bulk up 'special edition' releases is barely up to the challenge of presenting a helpful error message if it gets a 404 from the remote host, much less not falling over and wagging its tail against moderately clever malice. In that case, it'd be a fully signed and approved app doing the work, but taking action based on (ill-founded) trust in content it downloaded.