[SE-2011-01] Security of SAT TV set-to-boxes and DVB chipsets (details released)
- From: Security Explorations <contact@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 28 May 2012 14:12:06 +0200
On 24 May 2012, Security Explorations delivered two talks at Hack In
The Box Security Conference in Amsterdam  where we disclosed details
pertaining to our 1.5 years long research project verifying security
of a digital satellite TV platform (project SE-2011-01).
Updated (minor error corrections) presentation slides for these talks
are available for download from our website:
Along with that, we have also updated our FAQ and PoC pages with so
far undisclosed details pertaining to the vulnerabilities details
and their estimated impact:
As we received inquiries regarding the actual impact of the issues
found in DVB chipsets (we provided the number of 541 millions of
chips released to the market by STMicroelectronics during our HITB
talk), we would like to quote our FAQ in order to make some things
more clear with respect to that topic:
"Some sources  state that a cumulative total of more than 400
million MPEG-2 and MPEG-4 decoder chips used worldwide in STBs, digital
television sets and DVD/Bluray players were shipped to the market by
STMicroelectronics (as of 2007). STMicroelectronics own sources 
mention 541 millions as the number of these chipsets released to the
market in 2008. They also speak about the company as #1 chipset vendor
in H.264 market (68% of market share in 2008). It is however very
difficult for us to provide any precise number with respect to how many
of these chips are actually vulnerable to the issues found. What we
know is that we discovered security issues in Gen-1 (STi7100) and Gen-2
(STi7111) chipsets. This means that some other chipsets from these
generations could be vulnerable to the issues found (such as STi7101,
STi7109 sharing same SoC architecture with vulnerable STi7100). But
again, DVB chipset vendor should make a final verdict in that case.
Since on Jan-17-2012, STMicrolectronics informed us that no confidential
information would be disclosed to Security Explorations in response to
our impact inquiry questions, we suggest that all interested parties
(customers, journalists, etc.) contact STMicroelectronics company
directly for any impact related inquiries."
We hope that the published material is interesting not only for those
from a digital satellite TV ecosystem. The first talk might potentially
interest those dealing with malware as it discusses malware threats in
the context of a novel platform such as digital satellite TV set-to-boxes.
The second talk might be interesting for those working with hardware
based security as it discloses details of critical security issues found
in system-on-chip (SoC) chipsets.
"We bring security research to the new level"
 Hack In The Box Security Conference 2012 Amsterdam
 World Leader in Set-Top Box Chips Passes MPEG-Decoder Shipment Milestone
 Multimedia Convergence & ACCI Sector Overview, Philippe Lambinet, STMicroelectronics