Some of the latest vulnerabilities found in hardware and software. Hardware and software that plays Blu-ray chip it can be used as a means of spying by the National Security Agency (NSA) in the United States.
Stephen Tomkinson from NCC Group, a security consultancy based in the UK, manipulate chip Blu-ray disc player that detects type. He tested Blu-ray on the type of compact disc player and take one of two ways exploits to spread to the computer.
It was revealed in his research at conferences Securi-Tay at Abertay University, Scotland. One of the problems found mention PowerDVD, an application made by a Taiwanese company, Cyberlink DVD playback on a Windows computer.
These applications often appears as a pre-installed on computers from manufacturers like HP, Dell, Acer, Lenovo, Toshiba and Asus. Chip Blu-ray support rich content, such as dynamic menus and games are embedded (embedded).
These features are created using a Blu-ray Disc Java (BD-J), a variation of Java for embedded systems. BD-J uses ‘xlets’ or a small application to support user interface.
System on ‘xlets’ allows to access the computer’s operating system and file system for obvious reasons. However, Tomkinson find defects in PowerDVD which allows ‘xlets’ can run and launch a malicious program.
Distribute the software or hazardous media have been used in the past to attack specific targets. Last month, Kaspersky Lab write Equation group, attackers alleged that the NSA uses an ingenious way to spread malware.