![]() ![]() and he get’s a friggin 6MS/s down on the paper, only that it’s more like 2MS/s normally. My father lives in a ~100kPeople part of an 1.6MPeople city. So, ok, I have 16Mb/s up and 2Mb/s down, living in a ~300kPeople city. Posted in cons, home entertainment hacks, Security Hacks, Slider Tagged botnet, defcon 23, satellite, st4, stb, stlinux, television Post navigation You also have the opportunity to ask questions and it’s less likely people will be asking questions just to hear themselves talk (which happens far too often here). You’ll get a much grittier explanation and demonstration of the hacks than on the highly-polished “Track” talks. This a great example of why you should take these talks seriously. This talk was presented in the IoT villiage, not on a main stage. Even if you don’t want to use a card sharing service, the device can be compromised just by being connected to the Internet. The BusyBox build running on the demo machine was from 2012 and has multiple known vulnerabilities. The most laughable vulnerability for me is that updates from the manufacturer don’t do anything to patch or improve the OS, they’re 100% user experience updates. There are no firewalls, there are secondary root accounts (backdoors), there are FTP servers running by default with root privileges and no password. In addition to this easy exploit, the boxes are broken by design anyway. The assumption is that these are carrying different malware payloads. researched the “same” software package for card sharing across many download sites on the internet and there were multiple different checksums. Here’s a prime example of why you always want to verify the checksum when you download software to install on your own system. Since the user is getting free TV they voluntarily install this malware. The STB will look for a “bin” directory on a USB thumb drive at boot time, the binary in that folder will be automatically installed. The toolchain to compile the STLinux binaries (gcc) is available in the Linux repos. demonstrated how little you need to know about this system to create a botnet: The problem is that now these people have exposed a network-connected Linux box to the Internet and installed non-verified code from unreputable sources to run on the thing. It might cause more crashes than normal, but the stock software is buggy anyway so this isn’t a major regression. On the user side of things this just works the user watches TV for free. Instead of purchasing a valid card, people are installing plugins from the Internet which cause the system to phone into a server which will supply valid Code Words. They use a card reader to pull in a Code Word (CW) which decodes the signal coming in through the satellite radio.Īn entire black market has grown up around these Code Words. The Hardware in Satellite receivers is running Linux. He also gave this talk earlier in the week at BlackHat and has published his slides (PDF). This was the topic of talk at DEF CON 23. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets. ![]() But you know how people like to get something for nothing. You need to buy a card if you want to watch. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. Satellite television is prevalent in Europe and Northern Africa. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |