Tuesday 3 March 2015

Researcher Infected Windows Computers Via Blu-Ray


A researcher at security firm NCC Group has recently shown how a malicious Blu-ray disc can be used to attack both Windows computers and Blu-ray players. Stephen Tomkinson gave his demonstration during the Securi-Tay conference in Dundee, Scotland.

The attack the researcher developed makes use of Blu-ray's capabilities. Besides better picture and sound quality than DVD, Blu-ray also supports many "rich features," such as dynamic menus, embedded games and the ability to download additional information from the internet. These rich features are developed with BD-J, a version of Java that works with Xlets. Xlets are similar to the web applets used on websites. Xlets run in a Java Virtual Machine, which should prevent them from accessing the system.

First Attack:

Tomkinson's first demonstration focused on Cyberlink PowerDVD and how this popular media player handles Xlets. A vulnerability in the software makes it possible to circumvent the Xlet's security restrictions and execute arbitrary executables. Because Blu-ray discs are played by default on systems with PowerDVD, an attacker could infect the computer through an infected Blu-ray.

Second Attack:


The second attack was directed against a physical Blu-ray player. An Xlet that Tomkinson developed proved able to invoke a program on the player, which then executed a malicious file from the Blu-ray. This enabled the researcher to gain root access. So as not to arouse suspicion in potential targets, the film was simply played after the attack had been carried out.

Meanwhile, the researcher is said to be working with various vendors to fix the problems found. "With varying success," Tomkinson says. In the meantime he advises users to disable automatic playback of Blu-ray discs via the AutoPlay feature in Windows. Owners of a physical Blu-ray player would be wise not to connect it to the Internet.
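
One way to check and apply the AutoPlay advice above on a Windows machine. This is an added example, not code from Tomkinson or NCC Group; the function names are made up for illustration, and it assumes the standard Windows `NoDriveTypeAutoRun` policy value and the per-user `DisableAutoplay` switch.

```powershell
# Added example: audit and (optionally) enforce "AutoPlay off" for optical drives.
# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun/AutoPlay for that drive type.
$DRIVE_CDROM = 0x20   # optical drives (CD/DVD/Blu-ray)
$ALL_DRIVES  = 0xFF   # value written by the "Turn off AutoPlay: All drives" policy

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$userKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-OpticalAutoPlayDisabled {
    # Hypothetical helper: true if any policy key has the CD-ROM bit set.
    foreach ($key in $policyKeys) {
        $mask = Get-RegValue $key 'NoDriveTypeAutoRun'
        if ($null -ne $mask -and ($mask -band $DRIVE_CDROM)) { return $true }
    }
    # Per-user switch behind the AutoPlay control panel checkbox.
    return ((Get-RegValue $userKey 'DisableAutoplay') -eq 1)
}

function Disable-AutoPlayAllDrives {
    # Hypothetical helper: requires an elevated session because it writes to HKLM.
    $key = $policyKeys[0]
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value $ALL_DRIVES -Type DWord
}

if (Test-OpticalAutoPlayDisabled) {
    'AutoPlay is disabled for optical drives.'
} else {
    'AutoPlay is still enabled for optical drives; run Disable-AutoPlayAllDrives from an elevated prompt.'
}
```

The Windows default mask of `0x91` leaves the optical-drive bit clear, so an unconfigured machine reports AutoPlay as still enabled.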

