A new White Paper says while most pay-TV operators take measures to protect their content from piracy, they overlook potential vulnerabilities outside the traditional conditional access security domain.
Beyond Piracy: Why Content Protection is not Enough, produced by security experts Conax lists alternative goals from the pirates that include Distributed Denial of Service, data hijacking, STB modification and blackmail.
“The main overall challenge is that the threats posed by these other forms of hacking attacks are generally less intuitive. That is, it is difficult for operators to see the big picture of how an attack can affect their operations. Furthermore, while some high-profile incidents of connected device hacking – including hybrid STBs – have taken place, the incidents of attacks on operators are generally unknown or underreported and thus not a widespread enough issue in the pay-TV world to cause concern among operators.”
The paper warns that hybrid set-top boxes are a particular threat being the equivalent of fully-fledged media centers.
Hybrid STBs include a powerful CPU, RAM, and flash memories, and hybrid STBs with PVR functionalities even include sizable hard disks, where 500+ GB is not uncommon. This makes a hybrid STB population highly attractive purely due to storage capacity and computing power, in addition to the network resources present.