[ISN] How to Harden CA and Become Less Insecure

From: InfoSec News <alerts_at_private>
Date: Wed, 7 Jan 2009 00:09:36 -0600 (CST)
http://www.cable360.net/ct/news/scte/33364.html

By Jonathan Tombes
Communications Technology
January 6, 2009

With confidence in conditional access (CA) technology on the wane after 
publicized exposures of satellite TV smart cards, one vendor is touting 
an approach that promises to protect existing CA.

The technology could even revive the cable industry's stalled efforts to 
craft a common downloadable CA system (DCAS).


Star hacker

Exhibit A for smart card vulnerability is a June 2008 Wired.com 
conversation with celebrated hacker Chris Tarnovsky.

A figure in a corporate espionage lawsuit between News Corp. subsidiary 
NDS and Dish Network (formerly Echostar Communications) that erupted 
last April and May, Tarnovsky had remained for several years on the News 
Corp. payroll after building a device called a "stinger" that could 
communicate with any smart card, Echostar's included.

The Wired interview of Tarnovsky, who founded Flylogic Engineering in 
April 2007 to perform hardware and software security analysis of 
semiconductors, took place in his San Diego laboratory.

Posted on YouTube, the video (click here [1]) shows Tarnovsky using 
common acids to expose the card's circuitry, scratching a tiny hole 
within the chip's data bus region, "listening" to sequential samples of 
the device's eight-bit bus and then describing further possible 
interactions with it.

"I could actually send a management message, for example, into the chip, 
and eavesdrop everything the chip did to decrypt the message," Tarnovsky 
said.

[1] http://www.youtube.com/watch?v=tnY7UVyaFiQ

[...]


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Tue Jan 06 2009 - 22:09:36 PST

This archive was generated by hypermail 2.2.0 : Tue Jan 06 2009 - 22:12:35 PST