Millions of Satellite Receivers are Low-Hanging Fruit for Botnets

Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets.

This was the topic of [Sofiane Talmat’s] talk at DEF CON 23. He also gave this talk earlier in the week at BlackHat and has published his slides (PDF).

The hardware in satellite receivers is running Linux. They use a card reader to pull in a Code Word (CW) which decodes the signal coming in through the satellite radio.

An entire black market has grown up around these Code Words. Instead of purchasing a valid card, people are installing plugins from the Internet which cause the system to phone into a server which will supply valid Code Words. This is known as “card sharing”.

On the user side of things this just works; the user watches TV for free. It might cause more crashes than normal, but the stock software is buggy anyway so this isn’t a major regression. The problem is that these people have now exposed a network-connected Linux box to the Internet and installed unverified code from disreputable sources on it.

[Sofiane] demonstrated how little you need to know about this system to create a botnet:

  • Build a plugin in C/C++
  • Host a card-sharing server
  • Botnet victims come to you (profit)

It is literally that easy. The toolchain to compile the STLinux binaries (gcc) is available in the Linux repos. The STB will look for a “bin” directory on a USB thumb drive at boot time, and the binary in that folder will be automatically installed. Since the user is getting free TV, they voluntarily install this malware.
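Because the receiver installs whatever sits in the “bin” directory at boot, the contents of a thumb drive are worth inspecting on a PC before it goes anywhere near the box. The following is an added example, not code from the talk or the original post; the function names and the sample drive contents are constructed for illustration.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

# e_machine values from the ELF specification (a subset, for readable output).
ELF_MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 42: "SuperH", 62: "x86-64"}


def elf_machine(data):
    """Return the architecture name if data starts with an ELF header, else None."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big endian
    (machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine field
    return ELF_MACHINES.get(machine, f"unknown({machine})")


def audit_usb(mount_point):
    """Hash every file under <mount_point>/bin and flag the ELF executables."""
    findings = []
    bin_dir = Path(mount_point) / "bin"
    if not bin_dir.is_dir():
        return findings  # nothing the receiver would pick up at boot
    for path in sorted(p for p in bin_dir.rglob("*") if p.is_file()):
        data = path.read_bytes()
        findings.append({
            "file": path.relative_to(mount_point).as_posix(),
            "elf_machine": elf_machine(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return findings


def demo():
    """Audit a constructed thumb-drive layout (sample data, not a real plugin)."""
    # Constructed 20-byte ELF header stub: 32-bit, little endian, e_machine = 42.
    stub = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 2, 42)
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "bin").mkdir()
        (Path(root) / "bin" / "plugin").write_bytes(stub)
        (Path(root) / "bin" / "readme.txt").write_bytes(b"constructed sample\n")
        return audit_usb(root)


if __name__ == "__main__":
    for item in demo():
        print(item["elf_machine"] or "not ELF", item["sha256"][:16], item["file"])
```

Any ELF file reported here is native code the receiver would run with no verification, so the hash gives you something concrete to compare against a known-good firmware component or to look up before deciding whether to trust it.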


Cheap USB Control for your Telescope

There are many complex systems for automatically pointing a telescope at an object in the sky, but most of them are too expensive for the amateur astronomer. [Kevin]’s Arduino ST4 interface lets you connect your PC to a reasonably priced motorized telescope mount, without ripping it apart.

The ST4 port is a very basic interface. There’s one pin per direction that the mount can move, and a common pin. This port can be added to just about any motorized mount with some modification to the controller. To connect to an Arduino, a TLP521-4 quad optoisolator is used. This keeps the Arduino and PC fully isolated from the motor circuits, but lets the Arduino take control of the mount.

With the hardware in place, [Kevin] cranked out some software which is available on Google Code. A simple Arduino sketch provides the USB interface, and a custom driver allows the ASCOM Platform to control the mount. Since many astronomy software tools support ASCOM, this allows the mount to be controlled by existing software.

With the interface in place, the mount can be used to find objects (GOTO) and automatically follow them with high accuracy (autoguiding). You can watch the telescope move on its own after the break.
