Researcher to Disclose Crippling Security Flaws in Satellite TV and Digital Video Broadcast Systems Worldwide

posted onMarch 7, 2012
by l33tdawg
http://en.wikipedia.org/wiki/Digital_Video_Broadcasting
Credit: http://en.wikipedia.org/wiki/Digital_Video_Broadcasting

L33tdawg: Adam's first talk will be on Security Threats in the World of Digital Satellite Television, in which he'll be showing off the functionality of his 34,000 lines long Proof of Concept code and 20+ 0days in the Polish satellite TV operator. Immediately following this will be even more brain melting kungf00 as he walks though Security Vulnerabilities of Digital Video Broadcast Chipsets, where he intends to show the process of reverse engineering the instruction set of a completely unknown processor core embedded inside a DVB chip along with the steps that lead to the discovery of security vulnerabilities in a chip’s design / implementation! Oh yeah! This is going to be absolutely brilliant! :) 

Amsterdam, The Netherlands, 7 March 2012 – A well-known Polish security researcher has discovered major security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide. The research done by Adam Gowdiak reveals that a combination of security issues present in software, hardware and services from multiple vendors can have a devastating impact on the security of modern digital satellite TV platforms. Gowdiak will be presenting this research in two talks at the third annual Hack In The Box Security Conference in Amsterdam in May (21st – 25th @ Okura Hotel).

In research spanning over one and a half years, Gowdiak has discovered over 20 security issues in the environment of one of the biggest satellite TV operators in Poland. Gowdiak aims to demonstrate that a novel platform such as digital satellite TV set-top-boxes is not immune to hacking and can be infected with malware in the very same way as computers these days – automatically and without user interaction.

The research reveals that well constructed malware can break the security of silicon chips implementing advanced security mechanisms in these set-top-boxes. Gowdiak has verified that this can result in the illegal sharing of encrypted satellite TV programming over the Internet with other, non-paying users.

“Security Explorations’ presentations at HITB2012 Amsterdam will be unique for two reasons. It will be the first ever discovery and disclosure of real malware threats in the context of the digital satellite TV platform,” said Adam Gowdiak, Founder and CEO of Security Explorations.

“And this will also be the first ever successful attack documented against digital satellite set-top-box equipment implementing Conax Conditional Access System with advanced cryptographic pairing function,” he continued. Security mechanisms such as Conax Conditional Access System is widely used for protection against hijacking and illegal sharing / distribution of premium and paid content.

Gowdiak is not a new name in the security industry. Also known as the man who brought Microsoft Windows to its knees in 2003, he was part of well-known research group The Last Stage of Delirium or LSD which uncovered a devastating attack in all Microsoft Windows versions at that time. Over the years, he uncovered over 50 security issues in key Java technologies such as J2SE and was the first in the world to present a successful and widespread attack against the mobile Java platform J2ME, potentially affecting over 250 million devices worldwide.

For more information on HITBSecConf2012 – Amsterdam and to register, please see: http://conference.hitb.nl/hitbsecconf2012ams/

Source

Tags

HITB DVB HITBSecConf HITB2012AMS Security Encryption Hardware

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs