Hackers of India

Security vulnerabilities in DVB-C networks: Hacking Cable tV network part 2

By  Rahul Sasi  on 29 Oct 2014 @ Ekoparty


Presentation Material

Presentation

Hacking cable TV Networks Like Die hard Movie from Rahul Sasi

Video


 

Abstract

DVB-C stands for “Digital Video Broadcasting - Cable” and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using a QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became the most widely used transmission system for digital cable television in Europe. source: http://en.wikipedia.org/wiki/DVB-C We been working with a Cable TV service provide for the past 1 year. With digital cable tv implementations, the transmited MPEG streams are encrypted/scrambled and users needs a setup box to de-scramble/decode the streams. Also service providers can shut down a device remotely if (no payment) or even display a custom text message that will scroll on top of a video. This is made possible by Middleware servers or applications servers that are used to manage the DVM networks. So in our talks we cover the various attacks we can do on DVB-C infrastructure. That will include the following topics. 1) Security Vulnerabilities in DVB-C middleware servers. [Hijacking a TV stream] 2) Implementation bugs in DVB-C network protocol .[Man in the Middle Attacks] 3) Fuzzing setup boxes via MPEG streams. [Shutting down Setup boxes] 4) Demo taking over your Cable TV BroadCasting.

AI Generated Summarymay contain errors

Here is a summary of the content:

The speaker discusses two bugs in digital cable networks that can be exploited by attackers.

  1. The first bug involves modifying the byte headers in the transmission channel to make the setup box think the incoming stream is not encrypted. This allows an attacker to perform a man-in-the-middle (MITM) attack and inject their own signals into the stream.

  2. The second bug involves exploiting the Digital Storage Media Command and Control (DSMCC) protocol used by setup boxes to update firmware. An attacker can create a custom firmware with malicious code, for the setup box to install during an auto-update process.

The speaker demonstrates how these bugs can be combined to compromise digital cable networks. They show how they replaced the service provider’s logo on the TV screen with their own image and crafted a custom firmware that would be installed by the setup box during the update process. This could potentially allow attackers to compromise large numbers of setup boxes simultaneously.

The speaker notes that there are other bugs in the system that have not been fixed,201but are not allowed to discuss them publicly.