[SE-2011-01] PoC code for digital SAT TV research released

From: Security Explorations <contact@security-explorations.com>
To: full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Subject: [SE-2011-01] PoC code for digital SAT TV research released

Hello All,

Last year, we disclosed information pertaining to security issues
discovered as a result of our digital satellite TV research [1].

It's been over a year and we haven't received [2] information with
respect to the status and impact of the vulnerabilities found in:
- digital satellite TV set-top-boxes produced by Advanced Digital
   Broadcast [3],
- DVB / MPEG chipsets manufactured by STMicroelectronics [4].

We haven't received important information from Conax AS [5] either.

This in particular concerns a final security level assigned by the
company to set-top boxes and secure DVB chipsets evaluated as part
of Conax security / evaluation process. Conax "rigorous evaluation
and testing regime" [6] missed serious security vulnerabilities
potentially affecting 540 millions [7] of DVB / MPEG chipsets.

Today, a new digital satellite TV platform starts in Poland. It is
called NC+ [8] and it is apparently based on equipment / technology
coming from several vendors, which were affected by security issues
found as part of SE-2011-01 project.

We take the above as a perfect opportunity to verify whether these
vendors had learned anything from the results of our 1.5 years long
research. We assume that they have and that in particular:
- all of security issues discovered as part of our SE-2011-01 project
   have been properly resolved,
- new equipment is considerably harder to hack or use for any SAT TV
   piracy purposes.

We decided to release our Proof of Concept code developed as part of
SE-2011-01 project [9]. Its source code is is available for download
from the following location:


We believe that the security community and professionals involved in
a development of digital satellite TV ecosystems should benefit the
most from the release of our Proof of Concept code.

Thank you.

Best Regards,
Adam Gowdiak

Security Explorations
"We bring security research to the new level"

[1] SE-2011-01 Security weaknesses in a digital satellite TV platform
[2] SE-2011-01 Vendors status
[3] Advanced Digital Broadcast
[4] STMicroelectronics
[5] Conax AS
[6] Conax Security Evaluation Scheme
[7] Multimedia Convergence & ACCI Sector Overview, Philippe Lambinet, 
[8] NC+ Digital Satellite TV Plaform
[9] SE-2011-01 Proof of Concept Code (technical information)

Copyright © 1995-2020 LinuxRocket.net. All rights reserved.