Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[SE-2011-01] Security contact at Canal+ Group ?

From: Security Explorations <contact () security-explorations com>
Date: Tue, 03 Apr 2018 12:06:21 +0200

Hello All,

Over the recent month we have been trying (with no success) to obtain
information from various entities regarding the replacement process of
set-top-box devices conducted by the NC+ operator in Poland [1]. The
basis of the above can be found in this message [2].

We have received a key confirmation from NC+ operator that "the goal
of a replacement process of set-top-boxes is to improve security level
of a broadcasted signal, which is a requirement of agreements signed
with content providers". However when we inquired about the basis of
charging end-users a monthly fee for a replacement process of flawed
(vulnerable to ST chipsets flaws) set-top-box devices, no response
was received.

So, we asked NC+ for an official contact at the parent company (Canal+
Group). Again, no response was received.

We asked CERT-FR (French Government Cert) for assistance and a contact
to Canal+ Group and they responded that this is not their role to pass
this information to us (CERT-FR directed us to ST, which has not been
responding to our messages / refused to provide information regarding
impact and addressing of the vulnerabilities found in their chipsets).

So, we asked Vivendi, a parent company of Canal+ Group for an official
contact where our inquiries could be sent. Again, there was no response.

Thus this message.

If anyone of you knows a security contact at Canal+ Group where we could
direct our inquiries pertaining to security / replacement process of STB
devices vulnerable to STMicroelectronics flaws, please let us know.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to a new level"
---------------------------------------------

References:
[1] SE-2011-01 Vendors status
    http://www.security-explorations.com/en/SE-2011-01-status.html
[2] [SE-2011-01] Regarding liabilities in SW / HW (ST chipsets flaws)
    http://seclists.org/fulldisclosure/2018/Feb/50


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: