[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform

On 1/4/2012 12:43 AM, Jann Horn wrote:
Could this also be used in order to get access to a LAN from the outside,
e.g. in order to manipulate ARP tables and thereby gain access to all
unencrypted network traffic? Or is that usually impossible because of how
the set-top box is connected?

We haven't verified whether local LAN could be sniffed or ARP tables of other
hosts manipulated. We focused on the ability to sniff http and https traffic
originating from the set-top box as they were in particular interesting for
us. And we did this sniffing at the middleware level by intercepting certain
API calls, not at the OS/raw socket level.

Taking into account set-top box's OS type and its available API interfaces, we expect that raw network access (listening for and sending raw TCP/IP packets)
should be however possible.


Best Regards,
adam gowdiak