HackRead

Vulnerability in Blu-ray Players allows hackers to penetrate your network

March 3rd, 2015 | Waqas | Malware, Security

Unsuspected Blu-ray player vulnerabilities present an open passage to cybercriminals.

A team of security researchers at NCC Group analyzed different Blu-ray players and found numerous exploitable vulnerabilities in them.

The researchers created a disc that runs a platform-specific fake executable before playing the expected media content, and with it they were able to exploit the vulnerabilities of the players.

Vulnerabilities in Blu-ray Player software

Stephen Tomkinson, one of the researchers, showed how easily a malicious Blu-ray disc can be built to take advantage of a poorly implemented Java environment, allowing a sandbox escape and arbitrary code execution. In this way it was possible to bypass the auto-run prevention in Windows.


The team used CyberLink’s PowerDVD as a sample for their findings and stated that the application’s security mechanisms have gone through minimal modifications since Blu-ray support was implemented in 2009.

Discs can carry Xlets, Java-based applications that provide the disc’s dynamic menus and embedded content and run in a Java Virtual Machine. To limit what an Xlet can do, the developer uses its own SecurityManager.

In a blog post Tomkinson wrote: “PowerDVD comes with a range of additional Java classes which provide functionality internal to the player, but which are still callable by Xlets on the disc. One of these is the CUtil class which provides access to functions implemented in native code which fall outside of the SecurityManager’s control.”

By exploiting these operations, the research team was able to develop instructions that read the arbitrary code the team placed on the disc.
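A SecurityManager only mediates calls whose Java wrappers ask it for a decision, so a public method that goes straight into native code is attack surface for anything the sandbox can load. The following added example (not code from NCC Group or CyberLink) shows how a reviewer could list such methods with reflection; the sample classes and all names in it are hypothetical, and "public and native" is used here as a review heuristic, not as proof of a flaw.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

// Added illustration: every class and method name below is hypothetical.
public class NativeSurfaceAudit {

    /** Constructed sample: internal helper that exposes a native entry point publicly. */
    public static class SampleInternalUtil {
        public static native byte[] readRaw(String path);   // callable by sandboxed code
        private static native void reset();                  // native, but not reachable
        public static String version() { return "1.0"; }     // public, pure Java
    }

    /** Constructed sample: native entry point kept private behind a checking wrapper. */
    public static class SampleGuardedUtil {
        private static native byte[] readRaw0(String path);
        public static byte[] readRaw(String path) {
            // Stand-in for the player's real policy decision.
            if (path == null || !path.equals("/disc/menu.bin")) {
                throw new SecurityException("read denied: " + path);
            }
            return readRaw0(path);
        }
    }

    /** Returns "Class.method" for each public native method of each public class given. */
    static List<String> publicNativeMethods(Class<?>... classes) {
        List<String> findings = new ArrayList<>();
        for (Class<?> c : classes) {
            if (!Modifier.isPublic(c.getModifiers())) continue;  // not loadable by disc code
            for (Method m : c.getDeclaredMethods()) {
                int mod = m.getModifiers();
                if (Modifier.isPublic(mod) && Modifier.isNative(mod)) {
                    findings.add(c.getSimpleName() + "." + m.getName());
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Only the unguarded helper is reported; each finding needs a manual check
        // that a policy decision happens before control reaches native code.
        System.out.println(publicNativeMethods(SampleInternalUtil.class, SampleGuardedUtil.class));
    }
}
```

In a real review the class list would come from whatever the player places on the class path visible to disc applications.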

Abusing hitches in a Physical Blu-ray player

A vulnerability that was observed by the team was that physical Blu-ray players utilized previous work of Malcolm Stagg. His project permitted modifications to the Sony Blu-ray BDP firmware so that the anti-piracy technology Cinavia is removed.

Nonetheless, the exploit was doable by launching a library via a USB drive. The drive can be plugged into the device and web browser.

Otherwise, Tomkinson trusted the embedded Linux system to offer a path towards the targeted network and utilizing the Xlets present on the disc, it became possible to access the “ipc” and “net inf” daemons. These run the client applications on the Blu-ray player like it has an “execute” function that can be used to run a command.

According to Tomkinson, the exploits for both the physical Blu-ray players and the player software can be placed on the same media disc and launched selectively, once the disc has determined the context it is being played in. The malicious activity is then masked by starting the video.

To minimize the associated risks, Tomkinson advises users not to play Blu-ray discs from unverified sources and to deactivate the AutoPlay function in Windows.

Moreover, reducing the physical player’s network access will stifle exploitation, and this can be done through the device’s settings menu.


Waqas Amir is a UK-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.
