How safe is your STB?

December 1, 2014 andrewwajs

Cybercrime is big business. And the impact is far reaching. No organization is immune. Cable and Satellite operators with their large number of STBs could be vulnerable to attack. Can anything be done to minimize the risk?

Changing face of cybercrime 
Hackers are no longer teenagers wanting to gain notoriety. Over the years, we’ve witnessed cybercrime change. In 2008, the 3rd generation saw the motive move from recognition to financial gains. The 4th generation hackers could be described as professionals by 2010. And now, it has developed into an active underground economy. Tools of the trade are for sale, botnets can be rented by the hour. There are even social networks and escrow services! You could classify the 5th generation as “Hacking as a Service”.

Advanced persistent threats target specific companies for a specific purpose; with devastating effect. This year saw, American retailer, Target’s Q4 profits plummet by 46% as a result of an attack. And The Home Depot confirmed that hackers exposed USD 56 million credit and debit cards during its months-long security breach.

My STB is protected – isn’t it? 
Internet attacks on STBs are a viable option. Indeed, in 2012 Adam Gowdiak first presented his findings to the HITB security conference in Amsterdam. He’d discovered major security holes in STBs and DVB chipsets. By demonstrating a malware attack and satellite TV signal theft, he was also able to obtain sensitive information from the STB. This included user’s credentials, viewing history and billing details. You can imagine that much more could be accessed had the STB been used as a gateway connected to other devices.

If this had been a professional attack, the service outage alone would have cost the pay-TV operator millions. And the effect on the brand could be more devastating; even resulting in a loss of trust.

An agent on the inside
What is needed in today’s world is the capability to fight real-time attacks. Having an agent in the software allows you to do just that. The agent monitors everything that is happening and controls what processes are doing. It feeds back anomalies and enforces policies; allowing you to update policies over time. Even if a malware app gains Root access, the agent can either terminate it or restrict access. For example, the app is prevented from accessing certain registers or writing to particular screens. Pay-TV operators can have the confidence that their STBs are protected dynamically from the inside.

Relevant today and tomorrow 
To minimize the risk for pay-TV operators, it’s important to have a media platform security solution which works with existing STBs, as well hybrid STBs or other gateways. Such a solution can extend the life of a STB. Having robust security across all connected devices is paramount. And with the Internet of Things gaining momentum the stakes will only increase.

Previous Article
Don’t get left behind with 4K readiness
Don’t get left behind with 4K readiness

Over the last couple of months I’ve been surprised by how few pay-TV operators have concrete 4K plans in pl...

Next Article
Rising tide of online piracy: sink or swim?
Rising tide of online piracy: sink or swim?

For the first time, searches for popular insecure OTT devices have now outstripped popular secure OTT devic...