British hacker Stephen Tomkinson found out two attacks that can be done with Blu-Ray.
His first exploit is based on a poor Java application in the known application CyberLink's PowerDVD. PowerDVD plays DVDs on computers and creates menu using Java, but the way it uses Oracle code allows the checks to be bypassed security performed by Windows.
The result, as he says NCC Group, is that it is possible for executable Blu-Ray discs to run automatically when Windows starts, even when the settings are forbidden.
The second attack borrows, in part, from his discovery hacker Malcom Stagg, (τοBlu Ray rooting process) που εκμεταλλεύεται τον εντοπισμό σφαλμάτων κώδικα όταν πάει να ξεκινήσει ένα εξωτερικό USB. Με ένα νέο script Java Xlet οι hackers μπορούν να αναπαράγουν το TCP stream στο net inf daemon, which provides an exploit from a Blu ray disc.
Attackers should first determine the model of the DVD player used by the target to create a security exception specifically for this.
Tomkinson urges interested users to avoid playing Blu-Ray discs from unreliable sources, and to prevent discs from playing Auto-play and accessing the internet.