Blu-Ray Players Hackable Via Malicious Discs

An anonymous reader writes: Some Blu-Ray disc interactive features use a Java variant for UIs and applications. Stephen Tomkinson just posted a blog discussing how specially created Blu-Ray discs can be used to hack various players using exploits related to their Java usage. He hacked one Linux-based, network-connected player to get root access through vulnerabilities introduced by the vendor. He did the same thing against Windows Blu-Ray player software. Tomkinson was then able to combine both, along with detection techniques, into a single disc.

Re:Best defense is not to care

[txoof]

I suppose not caring works, but it seems like this is a great vector to turn hardware players into Zombies. If I were a criminal, I could think of a lot of things that could be done with even 1% of the world's internet connected players. Do you really want your Blu-Ray player to be part of a botnet sending spam or participating in denial of service attacks?

If for no other reason, think of the impact on your bandwidth and electric bill. I certainly don't want a house full of hackable hardware. When (if) the internet of things arrives without security and 10% of the fridges, air conditioners, electricity meters, washing machines, pet doors, TVs and driers are all hacked because manufacturers couldn't be bothered to secure them, I think you'll probably care. It will bring the interwebs to its knees.