Nytro Posted March 24, 2013 Report Posted March 24, 2013 [sE-2011-01] PoC code for digital SAT TV research releasedFrom: Security Explorations <contact () security-explorations com> Date: Thu, 21 Mar 2013 14:30:41 +0100Hello All,Last year, we disclosed information pertaining to security issuesdiscovered as a result of our digital satellite TV research [1].It's been over a year and we haven't received [2] information withrespect to the status and impact of the vulnerabilities found in:- digital satellite TV set-top-boxes produced by Advanced Digital Broadcast [3],- DVB / MPEG chipsets manufactured by STMicroelectronics [4].We haven't received important information from Conax AS [5] either.This in particular concerns a final security level assigned by thecompany to set-top boxes and secure DVB chipsets evaluated as partof Conax security / evaluation process. Conax "rigorous evaluationand testing regime" [6] missed serious security vulnerabilitiespotentially affecting 540 millions [7] of DVB / MPEG chipsets.Today, a new digital satellite TV platform starts in Poland. It iscalled NC+ [8] and it is apparently based on equipment / technologycoming from several vendors, which were affected by security issuesfound as part of SE-2011-01 project.We take the above as a perfect opportunity to verify whether thesevendors had learned anything from the results of our 1.5 years longresearch. We assume that they have and that in particular:- all of security issues discovered as part of our SE-2011-01 project have been properly resolved,- new equipment is considerably harder to hack or use for any SAT TV piracy purposes.We decided to release our Proof of Concept code developed as part ofSE-2011-01 project [9]. Its source code is is available for downloadfrom the following location:Security Explorations - SE-2011-01 - Vendors statusWe believe that the security community and professionals involved ina development of digital satellite TV ecosystems should benefit themost from the release of our Proof of Concept code.Thank you.Best Regards,Adam Gowdiak---------------------------------------------Security ExplorationsSecurity Explorations"We bring security research to the new level"---------------------------------------------References:[1] SE-2011-01 Security weaknesses in a digital satellite TV platform Security Explorations - SE-2011-01[2] SE-2011-01 Vendors status Security Explorations - SE-2011-01 - Vendors status[3] Advanced Digital Broadcast Advanced Digital Broadcast[4] STMicroelectronics STMicroelectronics[5] Conax AS CONAX | Sustaining Magic[6] Conax Security Evaluation SchemeSecurity Evaluation Scheme | CONAX[7] Multimedia Convergence & ACCI Sector Overview, Philippe Lambinet, STMicroelectronicsError[8] NC+ Digital Satellite TV Plaform nc+ - nowa definicja rozrywki[9] SE-2011-01 Proof of Concept Code (technical information) Security Explorations - SE-2011-01 - Proof of Concept codeSursa: Bugtraq: [sE-2011-01] PoC code for digital SAT TV research released Quote
