Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Bad movie: Hackers can raid networks with burnt Blu-Rays

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 2 Mar 2015 09:20:43 +0000 (UTC)
http://www.theregister.co.uk/2015/03/02/bad_movie_hackers_can_raid_networks_with_burnt_blurays/

By Darren Pauli
The Register
2 Mar 2015

British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks.
His first exploit relies on a poor Java implementation in a product called PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus using Java, but the way Oracle's code has been used allows naughty folk to circumvent Windows security controls.
The result, the NCC Group consultant says, is that it's possible to put executables onto Blu-Ray disks and to make those disks run automatically on startup even when Windows is set to stop that outcome.
Users would have no reason to suspect the whirring of an optical drive indicated unknown software was running, making this a potentially nasty attack. 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: