From: InfoSec News (alertsinfosecnews.org)
Date: Wed Jan 07 2009 - 00:09:36 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.cable360.net/ct/news/scte/33364.html

By Jonathan Tombes
Communications Technology
January 6, 2009

With confidence in conditional access (CA) technology on the wane after
publicized exposures of satellite TV smart cards, one vendor is touting
an approach that promises to protect existing CA.

The technology could even revive the cable industry's stalled efforts to
craft a common downloadable CA system (DCAS).

Star hacker

Exhibit A for smart card vulnerability is a June 2008 Wired.com
conversation with celebrated hacker Chris Tarnovsky.

A figure in a corporate espionage lawsuit between News Corp. subsidiary
NDS and Dish Network (formerly Echostar Communications) that erupted
last April and May, Tarnovsky had remained for several years on the News
Corp. payroll after building a device called a "stinger" that could
communicate with any smart card, Echostar's included.

The Wired interview of Tarnovsky, who founded Flylogic Engineering in
April 2007 to perform hardware and software security analysis of
semiconductors, took place in his San Diego laboratory.

Posted on YouTube, the video (click here [1]) shows Tarnovsky using
common acids to expose the card's circuitry, scratching a tiny hole
within the chip's data bus region, "listening" to sequential samples of
the device's eight-bit bus and then describing further possible
interactions with it.

"I could actually send a management message, for example, into the chip,
and eavesdrop everything the chip did to decrypt the message," Tarnovsky
said.

[1] http://www.youtube.com/watch?v=tnY7UVyaFiQ

[...]

_______________________________________________
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]