GStreamer speculative execution attack

August 14, 2019 – Allan Alderman

Network certification, the RSA industry standard to authorize its users, requires applications to be able to define, enact, and execute with certain minimum security parameters. The protocol that allows GStreamer developers to define such parameters, MVC 1.1, (participation identification model) was intended to adhere to the necessary security standards, but some developers have been able to circumvent the requirement.

For example, with MVC 1.1, GStreamer developers can specify that the protocol includes 256-bit PII, PL0, and string object numeric value values. Different members of the protocol can also dictate what that IP string represents.

Even the most sophisticated developers were able to bypass the security conventions included in the MVC 1.1 protocol.

From one application to another

Based on one piece of code in MVC 1.1, MVC 0.1, and an unsuccessful authentication attempt, the attacker can impersonate a GStreamer developer and submit a vote, thus giving the attacker the ability to contribute.

In an attempt to thwart the attack, one can either create an MVC 0.1 application (the tool itself is not malicious), add a copyright notification, or use a weak validation number that changes based on the intent of the transaction. For some reason, MVC 0.1 does not mention any of these precautions.

MVC 0.1

A knowledge of MVC 0.1 will not necessarily help to prevent MVC 0.1 from being executed. Fortunately, at this point, it's not clear that anyone can do this in the wild.


This article was automatically generated by Grover, an AI that is used to detect Fake News online, using just the title from an actual news story.

Source of the title is my own imagination.