lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F034030.90106@security-explorations.com>
Date: Tue, 03 Jan 2012 18:51:44 +0100
From: Security Explorations <contact@...urity-explorations.com>
To: bugtraq@...urityfocus.com
Subject: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform


Dear Bugtraq,

The following information might be of interest for the readers of this
list.

Security Explorations, a security and vulnerability research company
from Poland, discovered multiple security vulnerabilities in the major
polish digital satellite platform "N" [1]. The most serious of the
24 weaknesses uncovered allows for a remote attack against network
connected, satellite set-top-box equipment and for the persistent and
automatic malware code installation on it. As a result, full control
over the vulnerable set-top-box devices can be gained by attackers,
which could conduct all sorts of malicious activities on them. This
in particular includes unauthorized capture and sharing of a digital
satellite TV signal with arbitrary (non-paying) audience.

The latter turned out to be possible regardless of the advanced security
mechanisms such as Conax conditional access system [2][3] with chipset
pairing [4] implemented by the investigated set-top-boxes (ITI5800S,
ITI5800SX, ITI2850ST, ITI2849ST). The goal of the chipset pairing is
to prevent set-top-box hijacking and unauthorized sharing / distribution
of a satellite programming.

Security Explorations discovered several security weaknesses in the
implementation of the chipset pairing functionality used by the
aforementioned devices.

This is the first time, real malware threat is being demonstrated in
the context of a digital satellite TV platform. This is also the first
time successful attack against digital satellite set-top-box equipment
implementing Conax conditional access system with advanced cryptographic
pairing function is presented. The attack is achieved regardless of
the fact that all Conax Pairing set-top boxes / secure DVB chipsets
undergo a "rigorous evaluation and testing regime" [5].

More information about this project can be found at:
http://www.security-explorations.com/en/SE-2011-01.html

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:

[1] Digital satellite platform "N" (http://n.pl)
[2] Conax AS                       (http://www.conax.com/)
[3] Conditional Access System 
(http://en.wikipedia.org/wiki/Conditional_access_system)
[4] Conax chipset pairing 
(http://www.conax.com/en/solutions/advancedsecurity/)
[5] Conax Client Device Security 
(http://www.conax.com/en/solutions/clientdevicesecurity/)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ