Satellite Feed Hacking – Your Data Isn’t Private!

Outsmart Malicious Hackers


Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were.

Most traffic is transmitted unencrypted, the stuff that is encrypted generally uses very weak algorithms or isn’t even encrypted – it’s just encoded (BASE64 etc).

Hacker Adam Laurie has spent a lot of time hacking away at Satellite feeds and has become quite a subject matter expert.

White-hat hacker Adam Laurie knows better than to think email, video-on-demand, and other content from Sky Broadcasting and other satellite TV providers is a private matter between him and the company. That’s because he’s spent the past decade monitoring satellite feeds and the vast amount of private information they leak to anyone with a dish.

“Looking at what kind of data you can see being broadcast, some of that is quite surprising,” he says. “Things you would expect to be secure turn out not to be secure. The most worrying thing is you can just see all this data going by.”

Using off-the-shelf components Laurie assembled himself, it’s not hard for him to spot private emails in transit, web browsing sessions, and live stock market data that’s not supposed to be available for free. The most unforgettable thing he’s seen came in 1997, when television reporters in Paris used unsecured feeds to beam back what was supposed to be closed-circuit coverage of Princess Diana’s death to a UK television network.

Laurie presented his findings at the Blackhat con yesterday, there is no whitepaper, audio or tool available for download yet but you can grab the presentation slides here [PDF].

There has been research done by other hackers on the same subject (Jim Geovedi, Raditya Iryandi, and Anthony Zboralski) and they have exposed similar flaws, you can read the paper they published here [PDF].

Hacking into satellite receivers is a lot easier now than it used to be, thanks to their wide-spread embrace of Linux. In the old days, he had to build dedicated hardware to monitor transmissions. Now, Laurie’s Dreambox has an ethernet interface and its own shell, making it a snap to pipe its feed into a laptop. From there, he can analyze packets using standard programs such as Wireshark.

Other equipment includes a 1-meter dish and a diseq motor to point it at particular satellites. The cost of the gear is under $1,000.

Laurie has also developed software that analyzes hundreds of channels to pinpoint certain types of content, including traffic based on TCP, UDP, or SMTP. The program offers a 3D interface that allows the user to quickly isolate email transmissions, web surfing sessions, or television feeds that have recently been set up.

“The visualization technique makes it easy to spot things that are trying not to be spotted,” Laurie says.

Sounds like some pretty fancy software with some neat visualization allowing you to quickly pinpoint the data you are interested in, I hope he publishes it – or at least gives it a good demo so we can see how it works.

The slides gives an idea of what he’s been up to and how easy it is now with a modified Dreambox, I’ll be looking out for more info!

Source: The Register

Posted in: Hardware Hacking, Legal Issues, Privacy

, , ,


Latest Posts:


OSSIM Download - Open Source SIEM Tools & Software OSSIM Download – Open Source SIEM Tools & Software
OSSIM is a popular Open Source SIEM or Security Information and Event Management (SIEM) product, providing event collection, normalization and correlation.
What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.


2 Responses to Satellite Feed Hacking – Your Data Isn’t Private!

  1. supralova February 20, 2009 at 2:46 pm #

    Good!!! :)

  2. cyclopea February 25, 2009 at 1:06 pm #

    this site is very informative and usefull too,i learned a lot from here, keep up the good work guys…god speed….