this post was submitted on 20 Nov 2024
55 points (98.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54716 readers
273 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

A team of hackers from Brazil have taken first place in a hackathon organized by the country's telecoms regulator. The challenge was to develop a solution to prevent non-approved 'pirate' set-top devices from functioning in people's homes. The team say they were able to remotely transfer code which completely disabled a target device. Once implemented, "there will be a general failure in most of the irregular boxes in use," the hacker predicted.

top 21 comments
sorted by: hot top controversial new old
[–] [email protected] 12 points 3 days ago

what kind of narc behaviour is this

[–] [email protected] 41 points 4 days ago (2 children)

ensuring greater security and privacy for users

Don't worry guys, they're just concerned for the users security and privacy

[–] [email protected] 6 points 4 days ago

Injecting a malicious undisclosed firmware/software update. Very private and secure. /s

[–] [email protected] 7 points 4 days ago

And chromium's new spyware is a privacy enhancement.

[–] [email protected] 18 points 4 days ago* (last edited 4 days ago)

Am I supposed to be impressed?
Most of these pirate TV Boxes run the rankest Android 4 ROMs you've ever seen.

Like wow, you've found a exploit on 2011 user-debug Android, amazing.
There used to be 1-click root apps for these shits back then, am I really supposed to be amazed that you managed to reproduce that and brick some shittily made boxes? Running old chipsets chock full of vulnerabilities? Running an ancient and unpatched OS? Running the shoddiest programmed piracy front-ends ever? Really?

[–] [email protected] 29 points 4 days ago

There’s white, gray and black hat… and then you have these guys, piss yellow hats.

[–] [email protected] 15 points 4 days ago (1 children)

the team’s solution is to render set-top devices useless through a software update controlled by them, rather than the manufacturer or whichever entity typically handles that.

ISPs in Brazil already hijack DNS requests for the purpose of blocking access to pirate sites. Typically, that involves an internet user attempting to access ‘Blocked Site A’ in their browser, and ISPs’ DNS servers directing the user to a blocking page instead. Assuming that a set-top box tries to access a particular domain name to receive an update, those requests can also be diverted to a different server.

Solution: never update the device.

Meanwhile, the victorious six-person team picked up a cash prize of R$7,000 for taking first place; that’s around US$1,200 or US$200 each after the split.

Wow. Just wow. I sure hope they get something more out of that, because 1200 dollars for fucking up who knows how many shitty chinese android boxes is worse than doing it for free. From a related article from TF:

Cybersecurity companies charge millions of dollars to solve problems smaller than this.

[–] [email protected] 4 points 4 days ago* (last edited 4 days ago)

Wow. Just wow. I sure hope they get something more out of that, because 1200 dollars for fucking up who knows how many shitty chinese android boxes is worse than doing it for free. From a related article from TF:

Bug bounties and hackathons are notorious for being the coding equivalent of working for exposure. These are inherently cost savings programs so that companies don't feel like they need to purchase these assets at market price.

[–] [email protected] 20 points 4 days ago (1 children)

Wait, so I can just damage other people’s property?!

[–] [email protected] 1 points 4 days ago

Sure you can, outside of a few specific carve outs it's a civil matter... Meaning it takes money to fight money behind it

[–] [email protected] 12 points 4 days ago (1 children)

I guess these hackers really enjoy the rich, succulent tastes of Das Boot.

[–] [email protected] 5 points 4 days ago (1 children)
[–] [email protected] 4 points 4 days ago

yeah I was assuming (incorrectly) that "the boot" would translate into German as "Das Boot". Should've known better, or fact-checked myself. Anyway, I'm calling them out for being a bunch of bootlickers, which they are, until someone tells me the Brazilian government tortured their grandmas and pet dogs in order to force them to participate. Of which I wouldn't be surprised, though.

[–] [email protected] 7 points 4 days ago

Imagine being the bootlickers who wrote that malicious code. Rest in piss, all of y'all.

[–] [email protected] 8 points 4 days ago

Imagine being so knowledgeable yet so immoral. Pieces of shit.

[–] [email protected] 8 points 4 days ago

“Let’s make the people safe by opening wide a back door so we can go in and disable their stuff. Of course no malicious party will ever want to use that access”

[–] [email protected] 9 points 4 days ago* (last edited 4 days ago) (1 children)

Sounds like they would use DNS hijacking to trick the set top boxes into downloading malicious code that disables the device.

I wonder if something as simple as having a VPN active on the device or the network would mitigate this since you would be avoiding the ISP DNS.

[–] [email protected] 3 points 4 days ago (1 children)

You don't even need a VPN to use a different DNS server.

[–] [email protected] 1 points 4 days ago* (last edited 4 days ago)

Yeah for sure. Maybe even something as simple as setting the network DNS to Quad9

[–] [email protected] 9 points 4 days ago

This is not the way.

[–] [email protected] 6 points 4 days ago

well that's one more thing that can fuck right off