Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets.
This was the topic of [Sofiane Talmat’s] talk at DEF CON 23. He also gave this talk earlier in the week at BlackHat and has published his slides (PDF).
The Hardware in Satellite receivers is running Linux. They use a card reader to pull in a Code Word (CW) which decodes the signal coming in through the satellite radio.
An entire black market has grown up around these Code Words. Instead of purchasing a valid card, people are installing plugins from the Internet which cause the system to phone into a server which will supply valid Code Words. This is known as “card sharing”.
On the user side of things this just works; the user watches TV for free. It might cause more crashes than normal, but the stock software is buggy anyway so this isn’t a major regression. The problem is that now these people have exposed a network-connected Linux box to the Internet and installed non-verified code from unreputable sources to run on the thing.
[Sofiane] demonstrated how little you need to know about this system to create a botnet:
- Build a plugin in C/C++
- Host a card-sharing server
- Botnet victims come to you (profit)
It is literally that easy. The toolchain to compile the STLinux binaries (gcc) is available in the Linux repos. The STB will look for a “bin” directory on a USB thumb drive at boot time, the binary in that folder will be automatically installed. Since the user is getting free TV they voluntarily install this malware.
Click through for more on the STB Hacks.
Continue reading “Millions of Satellite Receivers are Low-Hanging Fruit for Botnets”
Would you believe that some people think the internet is a time waster? Well, not at this particular address of course, but we can think of some other sites that are absolute rabbit holes without so much as a rousing game of croquet at the bottom. If you need help achieving what Tim Ferriss dubbed a Low Information Diet, there are browser extensions that will block your access to sites that keep you from getting things done. [Ivan’s girlfriend] has taken this time management tack seriously and even created a simple web page that states “Don’t Waste Your Time!” that will show if she tries to get to Facebook.
There’s one small problem with all this, and it’s been around for a long time. [Ivan’s girlfriend] still watches TV. Out of love and respect for her goals, he decided to prank her by blocking her TV viewing. In a delightful twist, the TV will display her own web page to her after 30 seconds.
They have digital and analog TVs, so he had to set up both in order to cover his bases. The digital TV is a monitor fed from a set-top box with HDMI out. As the STB can only be controlled via IR remote, [Ivan] used an HDMI switch to change from the STB input to a Raspi that will display the reprimanding web page and play Pink Floyd’s “Time“.
The analog TV took slightly more doing. He put a Raspi on the AV input, but connected it from the inside so nothing looked suspicious. The Raspi checks the TV status every second and switches to the Pi once the TV is on. Same deal: judgmental web page, Pink Floyd. The beauty part is that both of [Ivan]’s setups also record her reaction; the digital TV uses a dash camera and the analog uses an Android phone. Check out [Ivan]’s tour of the analog TV Pi after the break.
If you or [Ivan’s girlfriend] need even more time management help, there’s always the roll-your-own-Pomodoro timer.
Continue reading “Black Mirror, Black Hole: Kill Your Television”
We’re really starting to enjoy the home entertainment control hacks which use a universal receiver to act on commands from any remote. This one is especially interesting as it uses a single remote to control the system but rolls in lots of extras.
Looking at the receiver itself the white plastic dome of the PIR sensor should raise an eyebrow. Since the cable box takes a while to turn on [Ivan] included the motion sensor to switch that component on when you walk into the room. This way it’ll be ready to go by the time you sit down. It does this by sending IR signals from the PIC32 dev board. Of course the board has its own receiver to listen for the remote control commands. The remote buttons have been mapped a bit differently than originally intended. You can see in the diagram above that the normal VCR/DVD/DVR buttons have been set to control the room’s LED strips. There’s even a power consumption monitor rolled into the project. All of these features are demonstrated in the clip after the break.
This is a nearly perfect base setup. But we’d love to see it with a web interface at some point in the future.
Continue reading “Eloquent universal receiver for your home entertainment equipment”