The Register is reporting that there are a couple of ways a hacker can take over a PC just by having you insert a Blu-Ray disc.
The first method exploits a poor software design in PowerDVD, the free DVD player software that is loaded on many PCs. It allows the hacker to exploit a bug in Java to run an arbitrary executable.
This “feature” will allow a hacker to place an executable on a Blu-Ray disc and have it run on start-up, even if Windows is set to block that.
The other takes advantage of Blu-Ray debug code to do some fancy footwork and it will let a hacker again run an arbitrary executable.
You can stop the first exploit by uninstalling PowerDVD (which I don’t really like much as a DVD player anyway), but I don’t have a way to stop the second exploit.
We have seen that a hacker can own your car with a DVD, so why not your computer?
Maybe you should watch your movies on a DVD player instead. Sorry! 🙂