British hacker Stephen Tomkinson has discovered two attacks that can be made with Blu-Ray.
His first exploit is based on a poor Java application in the known application CyberLink's PowerDVD. PowerDVD plays DVDs on computers and creates menus using Java, but the way it uses Oracle's code allows you to bypass the security controls that Windows performs.
The result, as he says NCC Group, is that it is possible for executable Blu-Ray discs to automatically run at cmmovement of Windows, even when the settings prohibit it.
The second attack borrows, in part, from his discovery hacker Malcom Stagg, (the Blu Ray rooting process) that takes advantage of code debugging when an external USB goes to boot. With a new Java Xlet script hackers can replay the TCP stream to the net inf daemon, which provides an exploit from a Blu-ray disc.
Attackers should first determine the model of the DVD player used by the target to create a security exception specifically for this.
Tomkinson recommends that concerned users avoid playing Blu-Ray discs from untrusted sources, and prevent discs from Auto-playing and access in dianetwork.