EN PR 003 – Researcher to Disclose Crippling Security Flaws in Satellite TV and Digital Video Broadcast Systems Worldwide

Amsterdam, The Netherlands, 7 March 2012 – A well-known Polish security researcher has discovered major security flaws in digital satellite TV set-top-boxes and DVB chipsets used by many satellite TV providers worldwide. The research done by Adam Gowdiak reveals that a combination of security issues present in software, hardware and services from multiple vendors can have a devastating impact on the security of modern digital satellite TV platforms. Gowdiak will be presenting this research in two talks at the third annual Hack In The Box Security Conference in Amsterdam in May (21st – 25th @ Okura Hotel).

In research spanning over one and a half years, Gowdiak has discovered over 20 security issues in the environment of one of the biggest satellite TV operators in Poland. Gowdiak aims to demonstrate that a novel platform such as digital satellite TV set-top-boxes is not immune to hacking and can be infected with malware in the very same way as computers these days – automatically and without user interaction.

The research reveals that well constructed malware can break the security of silicon chips implementing advanced security mechanisms in these set-top-boxes. Gowdiak has verified that this can result in the illegal sharing of encrypted satellite TV programming over the Internet with other, non-paying users.

“Security Explorations’ presentations at HITB2012 Amsterdam will be unique for two reasons. It will be the first ever discovery and disclosure of real malware threats in the context of the digital satellite TV platform,” said Adam Gowdiak, Founder and CEO of Security Explorations.

“And this will also be the first ever successful attack documented against digital satellite set-top-box equipment implementing Conax Conditional Access System with advanced cryptographic pairing function,” he continued. Security mechanisms such as Conax Conditional Access System is widely used for protection against hijacking and illegal sharing / distribution of premium and paid content.

Gowdiak is not a new name in the security industry. Also known as the man who brought Microsoft Windows to its knees in 2003, he was part of well-known research group The Last Stage of Delirium or LSD which uncovered a devastating attack in all Microsoft Windows versions at that time. Over the years, he uncovered over 50 security issues in key Java technologies such as J2SE and was the first in the world to present a successful and widespread attack against the mobile Java platform J2ME, potentially affecting over 250 million devices worldwide.

For more information on HITBSecConf2012 – Amsterdam and to register, please see: http://conference.hitb.nl/hitbsecconf2012ams/