[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] [SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release)

To: bugtraq@xxxxxxxxxxxxxxxxx, fulldisclosure@xxxxxxxxxxxx
Subject: [FD] [SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release)
From: Security Explorations <contact@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 08 Jun 2018 09:16:19 +0200


Hello All,

We have decided to release to the public domain our SRP-2018-01 security
research project related to the security of STMicroelectronics chipsets.

The research material (70+ pages long technical paper accompanied by two
reverse engineering tools) can be downloaded from the SRP section of our
portal (Past SRP materials):

http://www.security-explorations.com/en/srp.html

The release of SRP-2018-01 is a direct consequence of the following:
1) no response to our inquiries regarding the impact of ST issues from
   a SAT TV ecosystem [1] (STMicroelectronics, NC+, Canal+, Vivendi),
2) no will to provide assistance to obtain information pertaining to
   the impact and addressing [2] of the issues from STMicroelectronics,
   we asked for help CERT-FR (French governmental CSIRT), IT-CERT (CERT
   Nazionale Italia) and US-CERT (US government CERT), but all of them
   stopped responding to our messages [1],
3) a statement received from a major vendor in a SAT TV CAS / security
   field indicating that its "goal is to remove the marketplace from
   our materials",
4) us completely breaking security of ADB [3] set-top-boxes in use by
   NC+ SAT TV platform (Canal Digital makes use of similar boxes) and
   gaining access to vulnerable ST chipsets again [4] (we verified that
   6 years following the disclosure Canal+ owned NC+ still relies on /
   offers to customers STBs vulnerable to ST flaws, which likely violates
   security requirements of agreements signed with content providers).

In that context, we see no reason to continue keeping SRP-2018-01 material
under wraps.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to a new level"
---------------------------------------------

References:
[1] SE-2011-01 Vendors status
    http://www.security-explorations.com/en/SE-2011-01-status.html
[2] The origin and impact of security vulnerabilities in ST chipsets
    http://www.security-explorations.com/materials/se-2011-01-st-impact.pdf
[3] ADB
    https://www.adbglobal.com/
[4] SRP-2018-02 Exploitation Framework for STMicroelectronics DVB chipsets
    http://www.security-explorations.com/materials/SRP-2018-02.pdf


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)
Next by Date: [FD] libpff 20180428 vulnerability
Previous by thread: Re: [FD] Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)
Next by thread: [FD] libpff 20180428 vulnerability
Index(es):
- Date
- Thread