Security Explorations' founder and CEO, Adam Gowdiak will give two talks at Hack In The Box Security Conference in Amsterdam [1] in May 2012. Both talks will disclose technical details pertaining to Security Explorations' 1.5 years long security research in the area of a digital satellite TV.
The first talk [2] will present security threats in the context of a novel platform such as digital satellite TV set-top-boxes. It will show that a combination of security issues present in software, hardware and services coming from different vendors can have a devastating impact on a security of a modern digital satellite TV platform. During the talk, technical details of about 20 security issues found in the environment of one of the biggest satellite TV operators in Poland will be discussed. This includes detailed discussion of a successful attack against Internet connected set-top-box devices allowing for the execution of arbitrary malware code on them.
The second talk [3] will be focused on a security of the premium content, such as TV channels and Video on Demand movies, broadcasted to the subscribers by a digital satellite TV provider. During this talk, information about the advanced security mechanisms such as Conax conditional access system with chipset pairing implemented by modern digital satellite TV set-top-boxes for the protection against set-top-box hijacking and illegal sharing / distribution of a premium, paid content will be given. The talk will also disclose technical details of several security weaknesses found in the implementation of the aforementioned mechanism used by the investigated set-top-box devices.
Security Explorations' presentations at Hack In The Box Security Conference in Amsterdam will be unique for two reasons. It will be the first time real malware threat will be presented in the context of a digital satellite TV platform. This will be also the first time successful attack against digital satellite set-top-box equipment implementing Conax conditional access system with advanced cryptographic pairing function will be disclosed.
More information about the topic of both presentations can be found at: http://www.security-explorations.com/en/tv_platform_general_info.html
Hack in the Box Security Conference (or HITBSecConf) is a highly technical security conference, held annually in both Asia & Europe, that aims to enable the dissemination, discussion & sharing of new, ground-breaking attack & defense techniques that have never been seen or discussed in public before. Since its 2002 launch in Malaysia, HITBSecConf has grown steadily in size & scope to become what it is today: the "must attend" event on the annual calendars of many of the world's best, most highly-regarded security professionals. HITBSecConf event in Malaysia sees over 1000 attendees, which includes security professionals, researchers, law enforcement and members of the hacker underground. This year, European edition of HITBSecConf will be held from May 21st to 25th in Amsterdam.
Security Explorations is a security start-up company from Poland, providing various services in the area of security and vulnerability research. The company came to life in a result of a true passion of its founder for breaking security of things and analyzing software for security defects. Adam Gowdiak is the company's founder and its CEO. Adam is an experienced Java Virtual Machine hacker, with over 50 security issues uncovered in the Java technology over the recent years. He is also the hacking contest co-winner and the man who has put Microsoft Windows to its knees (vide MS03-026). He was also the first one to present successful and widespread attack against mobile Java platform in 2004.