Bugtraq mailing list archives
[SE-2011-01] Security vulnerabilities in a digital satellite TV platform
From: Security Explorations <contact () security-explorations com>
Date: Tue, 03 Jan 2012 18:51:44 +0100
Dear Bugtraq, The following information might be of interest for the readers of this list. Security Explorations, a security and vulnerability research company from Poland, discovered multiple security vulnerabilities in the major polish digital satellite platform "N" [1]. The most serious of the 24 weaknesses uncovered allows for a remote attack against network connected, satellite set-top-box equipment and for the persistent and automatic malware code installation on it. As a result, full control over the vulnerable set-top-box devices can be gained by attackers, which could conduct all sorts of malicious activities on them. This in particular includes unauthorized capture and sharing of a digital satellite TV signal with arbitrary (non-paying) audience. The latter turned out to be possible regardless of the advanced security mechanisms such as Conax conditional access system [2][3] with chipset pairing [4] implemented by the investigated set-top-boxes (ITI5800S, ITI5800SX, ITI2850ST, ITI2849ST). The goal of the chipset pairing is to prevent set-top-box hijacking and unauthorized sharing / distribution of a satellite programming. Security Explorations discovered several security weaknesses in the implementation of the chipset pairing functionality used by the aforementioned devices. This is the first time, real malware threat is being demonstrated in the context of a digital satellite TV platform. This is also the first time successful attack against digital satellite set-top-box equipment implementing Conax conditional access system with advanced cryptographic pairing function is presented. The attack is achieved regardless of the fact that all Conax Pairing set-top boxes / secure DVB chipsets undergo a "rigorous evaluation and testing regime" [5]. More information about this project can be found at: http://www.security-explorations.com/en/SE-2011-01.html Best Regards Adam Gowdiak --------------------------------------------- Security Explorations http://www.security-explorations.com "We bring security research to the new level" --------------------------------------------- References: [1] Digital satellite platform "N" (http://n.pl) [2] Conax AS (http://www.conax.com/)[3] Conditional Access System (http://en.wikipedia.org/wiki/Conditional_access_system) [4] Conax chipset pairing (http://www.conax.com/en/solutions/advancedsecurity/) [5] Conax Client Device Security (http://www.conax.com/en/solutions/clientdevicesecurity/)
Current thread:
- [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations (Jan 03)
- Message not available
- Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations (Jan 04)
- Message not available
- Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Security Explorations (Jan 09)