Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform Jan 04 2012 01:34AM
Security Explorations (contact security-explorations com)

> On 1/4/2012 12:43 AM, Jann Horn wrote:
> Could this also be used in order to get access to a LAN from the outside,
> e.g. in order to manipulate ARP tables and thereby gain access to all
> unencrypted network traffic? Or is that usually impossible because of how
> the set-top box is connected?

We haven't verified whether local LAN could be sniffed or ARP tables of
hosts manipulated. We focused on the ability to sniff http and https traffic
originating from the set-top box as they were in particular interesting for
us. And we did this sniffing at the middleware level by intercepting certain
API calls, not at the OS/raw socket level.

Taking into account set-top box's OS type and its available API
interfaces, we
expect that raw network access (listening for and sending raw TCP/IP
should be however possible.


Best Regards,
adam gowdiak

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus