Blu-Ray Players Hackable Via Malicious Discs

An anonymous reader writes: Some Blu-Ray disc interactive features use a Java variant for UIs and applications. Stephen Tomkinson just posted a blog discussing how specially created Blu-Ray discs can be used to hack various players using exploits related to their Java usage. He hacked one Linux-based, network-connected player to get root access through vulnerabilities introduced by the vendor. He did the same thing against Windows Blu-Ray player software. Tomkinson was then able to combine both, along with detection techniques, into a single disc.

Re:I should think so!

[fuzzyfuzzyfungus]

I suspect that there are a number of ways in, given the usual attention given to firmware quality; but blu-ray isn't helped by having a security model marked by absolute paranoia about the precious 'content' escaping, combined with some amount of incompetence and a lot of pure apathy about any other security concern.

With both the BD+ vm and the BD-J stuff, there is a lot of attention paid to 'ooh, the an unauthorized player attempting to do unauthorized things with the content on the disk?!'; but the contents of the disk are largely treated as trusted and the playback device is treated almost entirely as a potential adversary, not as a potential target, either from the disk side or the network side.

Re:Best defense is not to care

[txoof]

I suppose not caring works, but it seems like this is a great vector to turn hardware players into Zombies. If I were a criminal, I could think of a lot of things that could be done with even 1% of the world's internet connected players. Do you really want your Blu-Ray player to be part of a botnet sending spam or participating in denial of service attacks?

If for no other reason, think of the impact on your bandwidth and electric bill. I certainly don't want a house full of hackable hardware. When (if) the internet of things arrives without security and 10% of the fridges, air conditioners, electricity meters, washing machines, pet doors, TVs and driers are all hacked because manufacturers couldn't be bothered to secure them, I think you'll probably care. It will bring the interwebs to its knees.

Re:I should think so!

[Dutch+Gun]

That was my first thought as well. "It uses Java (probably an older, unpatched version), so of course it's got massive security holes." But seriously, does anyone think there's even a remote chance that in 2015, malware is going to be transported by Blu-ray disc? This is an interesting tech demo, and it's always good to be aware of the potential of these things, but it doesn't seem to be a likely threat vector.

Re: I should think so!

[bill_mcgonigle]

but it doesn't seem to be a likely threat vector.

Do some traffic analysis on your target's porn habits at the ISP, leave a compromised disc about his favorite kink in a bag on the ground near where he parks his car, and use his "connected" player to zero-day the other equipment on his LAN, installing the APT without even needing to pretend about premesis warrants or anything.

Wanna know a secret?

[Solandri]

I'll let you in on a little secret. I own lots of Blu-ray discs, but I don't actually own a Blu-ray player. I buy the disc (whatever my thoughts on Copyright, it is the law and the content producers do deserve to be paid), then I download a Blu-ray rip of the movie from a torrent site. Toss the file on my media server, and call it a day. They get their money, I don't have to deal with their forced previews and FBI warnings. I really have to wonder what they're thinking. First they complain about piracy, then they respond by making their products worse for legit customers than for pirates.

Re: Best defense is not to care

[Malc]

Most BD players do have storage. BD-Live depends upon it for instance.

Re: I should think so!

[greg1104]

Wow, there's an unexpected back-door entry at every step of that plan.