SRP-2018-02 Press Info

03 June 2018, Poznan, Poland

Security Explorations breaks the security of ADB [1] set-top-box devices used by the Polish digital satellite TV provider NC+ [2].

The company discovered 3 vulnerabilities in ADB and STLinux software used by ITI-2849ST and ITI-2850ST set-top-boxes. The weaknesses make it possible to gain full administrative access (JVM / OS root, kernel level access) to NC+ devices from the network.

This is yet another successful compromise of set-top-box devices used by the operator. In 2012, Security Explorations discovered more than 30 vulnerabilities in the security of the platform [3][4]. This included 3 severe vulnerabilities in STMicroelectronics chipsets [5][6] used to secure premium PayTV content against TV piracy.

The recent discovery again exposes the inadequate security level of ADB set-top-box devices [7][8]. Despite Security Explorations' recommendation [9], the security of the investigated ADB set-top-boxes has not been hardened or improved much beyond addressing the issues reported 6 years ago.

Security Explorations' research also proves that the NC+ platform still relies on, and still has in its offer, set-top-box devices vulnerable to the STMicroelectronics flaws. This is contrary to the requirements of the agreements signed by the operator with various providers of premium PayTV content [10].

The results of Security Explorations' research are available on a commercial basis as part of the company's Security Research Program [11].

The SRP-2018-02 research material includes full technical details of the newly discovered vulnerabilities and their exploitation techniques.

It takes the form of a software framework that makes it possible to gain access to a vulnerable set-top-box device (accompanying the material) and to research the security of the SlimCORE / TKD Crypto cores of the STi7111 DVB chipset in the environment of a real-life digital satellite TV platform (NC+).

More details regarding the content and pricing of SRP-2018-02 research can be found in its official leaflet [12].

References:

  [1] ADB (https://www.adbglobal.com/)
  [2] NC+ (https://ncplus.pl/)
  [3] SE-2011-01 Security weaknesses in a digital satellite TV platform
    (http://www.security-explorations.com/en/SE-2011-01.html)
  [4] Security threats in the world of digital satellite television
    (http://www.security-explorations.com/materials/se-2011-01-hitb1.pdf)
  [5] SE-2011-01 Issues #17-19
    (http://www.security-explorations.com/materials/se-2011-01-st.pdf)
  [6] The origin and impact of security vulnerabilities in ST chipsets
    (http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf)
  [7] SE-2011-01 Issues #5-16,#25-32
    (http://www.security-explorations.com/materials/se-2011-01-adb.pdf)
  [8] NC+ Multiroom service bypass
    (http://www.security-explorations.com/materials/se-2011-01-33.pdf)
  [9] Security vulnerabilities of Digital Video Broadcast chipsets, slide 73
    (http://www.security-explorations.com/materials/se-2011-01-hitb2.pdf)
  [10] SE-2011-01 Vendors status, 23-Feb-2018
    (http://www.security-explorations.com/en/SE-2011-01-status.html)
  [11] Security Research Program (SRP)
    (http://www.security-explorations.com/en/srp.html)
  [12] SRP-2018-02 leaflet
    (http://www.security-explorations.com/materials/SRP-2018-02.pdf)


Copyright 2008-2018 Security Explorations. All Rights Reserved.