Own A PC By Giving Them A Blu-Ray Movie

The Register is reporting that there are a couple of ways a hacker can take over a PC just by having you insert a Blu-Ray disc.

The first method exploits a poor software design in PowerDVD, the free DVD player software that is loaded on many PCs.  It allows the hacker to exploit a bug in Java to run an arbitrary executable.

This “feature” will allow a hacker to place an executable on a Blu-Ray disc and have it run on start-up, even if Windows is set to block that.

The other takes advantage of Blu-Ray debug code to do some fancy footwork and it will let a hacker again run an arbitrary executable.

You can stop the first exploit by uninstalling PowerDVD (which I don’t really like much as a DVD player anyway), but I don’t have a way to stop the second exploit.

We have seen that a hacker can own your car with a DVD, so why not your computer?

Maybe you should watch your movies on a DVD player instead.  Sorry! 🙂


Leave a Reply

Your email address will not be published. Required fields are marked *