The company hopes their research will help the security community and vendors

Mar 21, 2013 14:40 GMT
Security Explorations publishes details of digital satellite TV vulnerabilities

Over the past few months, Poland-based Security Explorations has been in the news because of the vulnerabilities they’ve identified in Oracle’s Java SE.

However, the company has also done some interesting research regarding the security issues that plague the field of digital satellite TV, particularly set-top boxes and chipsets.

Over one year has passed since they reported their discoveries to manufacturers, but unfortunately, many of the companies they’ve contacted – such as Advanced Digital Broadcast, STMicroelectronics, and Conax AS – haven’t provided them with any status updates.

Adam Gowdiak, the CEO of Security Explorations, has told Softpedia in an email that they’ve retested some of the newer products and have found that some of the attack vectors are blocked by the new software versions, but without any confirmation from the vendor, the experts can’t be certain if much progress has been made.

A new digital satellite TV platform, NC+, has been launched in Poland, and the equipment and technology it uses come from some of the vendors whose products have been affected by security holes.

“We take the above as a perfect opportunity to verify whether these vendors had learned anything from the results of our 1.5 years long research,” Gowdiak noted.

“We assume that they have and that in particular: all of security issues discovered as part of our SE-2011-01 project have been properly resolved; new equipment is considerably harder to hack or use for any SAT TV piracy purposes.”

To aid the security community and professionals involved in the development of digital satellite TV ecosystems, Security Explorations has released the proof-of-concept code they’ve made as part of this project.

We’ve asked Gowdiak if they plan on performing additional tests on the devices used by the newly-launched NC+, but the expert says they don’t.

“Working with companies that openly deny security vulnerabilities found in their products and that show no respect to security researchers that actually helped improve security of these products is not what we are interested to pursue,” he said.

The POC is available on Security Explorations’ official website.