| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Jan 2012 18:51:44 +0100 From: Security Explorations <contact@...urity-explorations.com> To: bugtraq@...urityfocus.com Subject: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Dear Bugtraq, The following information might be of interest for the readers of this list. Security Explorations, a security and vulnerability research company from Poland, discovered multiple security vulnerabilities in the major polish digital satellite platform "N" [1]. The most serious of the 24 weaknesses uncovered allows for a remote attack against network connected, satellite set-top-box equipment and for the persistent and automatic malware code installation on it. As a result, full control over the vulnerable set-top-box devices can be gained by attackers, which could conduct all sorts of malicious activities on them. This in particular includes unauthorized capture and sharing of a digital satellite TV signal with arbitrary (non-paying) audience. The latter turned out to be possible regardless of the advanced security mechanisms such as Conax conditional access system [2][3] with chipset pairing [4] implemented by the investigated set-top-boxes (ITI5800S, ITI5800SX, ITI2850ST, ITI2849ST). The goal of the chipset pairing is to prevent set-top-box hijacking and unauthorized sharing / distribution of a satellite programming. Security Explorations discovered several security weaknesses in the implementation of the chipset pairing functionality used by the aforementioned devices. This is the first time, real malware threat is being demonstrated in the context of a digital satellite TV platform. This is also the first time successful attack against digital satellite set-top-box equipment implementing Conax conditional access system with advanced cryptographic pairing function is presented. The attack is achieved regardless of the fact that all Conax Pairing set-top boxes / secure DVB chipsets undergo a "rigorous evaluation and testing regime" [5]. More information about this project can be found at: http://www.security-explorations.com/en/SE-2011-01.html Best Regards Adam Gowdiak --------------------------------------------- Security Explorations http://www.security-explorations.com "We bring security research to the new level" --------------------------------------------- References: [1] Digital satellite platform "N" (http://n.pl) [2] Conax AS (http://www.conax.com/) [3] Conditional Access System (http://en.wikipedia.org/wiki/Conditional_access_system) [4] Conax chipset pairing (http://www.conax.com/en/solutions/advancedsecurity/) [5] Conax Client Device Security (http://www.conax.com/en/solutions/clientdevicesecurity/)
Powered by blists - more mailing lists