Back to list
[SE-2011-01] PoC code for digital SAT TV research released
Mar 21 2013 01:30PM
Security Explorations (contact security-explorations com)
Last year, we disclosed information pertaining to security issues
discovered as a result of our digital satellite TV research .
It's been over a year and we haven't received  information with
respect to the status and impact of the vulnerabilities found in:
- digital satellite TV set-top-boxes produced by Advanced Digital
- DVB / MPEG chipsets manufactured by STMicroelectronics .
We haven't received important information from Conax AS  either.
This in particular concerns a final security level assigned by the
company to set-top boxes and secure DVB chipsets evaluated as part
of Conax security / evaluation process. Conax "rigorous evaluation
and testing regime"  missed serious security vulnerabilities
potentially affecting 540 millions  of DVB / MPEG chipsets.
Today, a new digital satellite TV platform starts in Poland. It is
called NC+  and it is apparently based on equipment / technology
coming from several vendors, which were affected by security issues
found as part of SE-2011-01 project.
We take the above as a perfect opportunity to verify whether these
vendors had learned anything from the results of our 1.5 years long
research. We assume that they have and that in particular:
- all of security issues discovered as part of our SE-2011-01 project
have been properly resolved,
- new equipment is considerably harder to hack or use for any SAT TV
We decided to release our Proof of Concept code developed as part of
SE-2011-01 project . Its source code is is available for download
from the following location:
We believe that the security community and professionals involved in
a development of digital satellite TV ecosystems should benefit the
most from the release of our Proof of Concept code.
"We bring security research to the new level"
 SE-2011-01 Security weaknesses in a digital satellite TV platform
 SE-2011-01 Vendors status
 Advanced Digital Broadcast
 Conax AS
 Conax Security Evaluation Scheme
 Multimedia Convergence & ACCI Sector Overview, Philippe Lambinet,
 NC+ Digital Satellite TV Plaform
 SE-2011-01 Proof of Concept Code (technical information)
[ reply ]
Copyright 2010, SecurityFocus