A pair of possible exploits in hardware and software used for playing Blu-ray discs have come to light, reports PC World.
Stephen Tomkinson, a security researcher for NCC, presented his research at the Securi-Tay conference at Abertay Univeristy in Scotland on Friday. At the event, he showed how he had been able to create a Blu-ray disc that detects the player it's running on, and then chooses one of two exploits to install malware on the host computer.
The first issue is with PowerDVD, CyberLink's software for playing optical discs on Windows computers, which comes installed on many manufacturers' computers by default. Blu-ray discs support additional content like dynamic menus, which are built into discs using Blu-ray Disc Java, and these use 'xlets' (small applications) for user interfaces. Tomkinson found a flaw in the software that allowed him to leave the xlet sandbox and launch malicious code. This is particularly serious because, as The Register puts it, "Users would have no reason to suspect the whirring of an optical drive indicated unknown software was running, making this a potentially nasty attack."
The second targets certain Blu-ray disc playing hardware, though Tomkinson didn't identify makes or models affected. In this exploit, he was able to get root access on a Blu-ray player, where he was able to 'trick' the system into running a command that would install malware. Network World explains that he "found it was possible to write an xlet that fooled a small client application called 'ipcc' running within the localhost into launching a malicious file from the Blu-ray disc."
To keep computer users from becoming suspicious, the Blu-ray disc is programmed to carry on playing the expected video content after the malware has been launched.
Tomkinson has contacted the vendors of the software and hardware concerning the vulnerabilities with "varying degrees of success," and Network World states that nobody from CyberLink could be reached for comment.
For now, Tomkinson advises that people should avoid Blu-ray discs from unknown sources and prevent them from running automatically.