Light Dark
March 5, 2015 By Shane Schick 2 min read

In an age of streaming services such as Netflix and Hulu, it’s easy to forget many people watch Blu-ray Discs — and it’s even easier to overlook the technology as a potential target for malware.

At the recent Securi-Tay conference held in Scotland, a researcher from consultancy firm NCC Group presented evidence that attackers could use two vulnerabilities in common Blu-ray systems to inject malware and steal user data.

According to the firm’s blog, the NCC researcher demonstrated how a flaw in an application called PowerDVD could be breached and how an embedded system at the hardware level could potentially provide root access.

Consumers could be completely oblivious to these types of attacks, PCWorld pointed out, because those exploiting the vulnerabilities could create a Blu-ray disc that plays real content while it figures out which flaw offers the best attack vector. This is not unlike similar attempts to commit cybercrime via CDs and other forms of removable media.

Of course, Blu-ray software and hardware do come with some security safeguards, but in this case, the exploits would potentially let cybercriminals overcome Microsoft Windows’ auto-run prevention, according to TechWorm. There are other features to safeguard Blu-ray discs, but in some cases, such as PowerDVD, they may not have been updated for more than five years.

It should be pointed out that there is no sense that anyone has actually distributed malware via these Blu-ray system vulnerabilities and that what has been discovered was done through ethical hacking to educate security professionals. In fact, as SC Magazine suggested, many users of Blu-ray products may not realize the extent to which they are more digitally connected and, therefore, more open to attack.

The Register, however, noted that other ways to break into Blu-ray systems via digital rights management controls were revealed just a few months ago. Perhaps more people will pay greater attention to these types of holes. The only real prevention methods, of course, are much like those suggested for warding off cyberattacks via email: Don’t accept a Blu-ray disc that looks suspicious or comes from someone you don’t know. And, of course, you could always ditch the Blu-ray system and opt for streaming movies, instead.

 | 
Shane Schick
Writer & Editor

More from

May 1, 2024

New proposed federal data privacy law suggests big changes

3 min read - After years of work and unsuccessful attempts at legislation, a draft of a federal data privacy law was recently released. The United States House Committee on Energy and Commerce released the American Privacy Rights Act on April 7, 2024. Several issues stood in the way of passing legislation in the past, such as whether states could issue tougher rules and if individuals could sue companies for privacy violations. With the American Privacy Rights Act of 2024, the U.S. government established…

April 30, 2024

AI cybersecurity solutions detect ransomware in under 60 seconds

2 min read - Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher.Meanwhile, other dangers are appearing on the horizon. For example, the 2024 IBM X-Force Threat Intelligence Index states that threat group investment is increasingly focused on generative AI attack tools.Criminals have been…

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now. The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP). DMP’s benefits and vulnerabilities DMP predicts memory addresses that the…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature