Comments on: Security in a connected TV world

By: April 27, 2011 Vikram R Chari’s Journal Volume 2011 Issue 7 « vikchar

April 27, 2011 Vikram R Chari’s Journal Volume 2011 Issue 7 « vikchar — Wed, 27 Apr 2011 22:35:20 +0000

[...] Connected TV using HbbTV or other Internet Technologies Exposed to Hacking and Security Issues – http://is.gd/9EKQcG [...]

By: iceolate

iceolate — Wed, 27 Apr 2011 21:25:27 +0000

I heard about anti virus middleware and found it somewhat perplexing as to how it would be of any use. Unless there are known signatures for real TV or STB viruses then what will the AV software look for?

Regarding security of Connected TV devices, I think there may be a need for some kind of security testing as part of device qualification. For example YouView could require a device to pass a series of hack attempts such as buffer overruns, malformed content, etc. Should a compromise happen it could be analysed and the techniques used be incorporated into security testing for new device qualification.

The juiciest targets for hackers will remain the service providers themselves as they store more personal details and once in, you are free to harvest as much information as you want until you are cut off.

By: Nigel

Nigel — Wed, 27 Apr 2011 13:08:45 +0000

My first thought when I saw the press release from a company trumpeting their anti-virus for TV middleware is probably not printable. And as you say, it’s rather going in the wrong direction.

A TV is not a general purpose computer, and we shouldn’t be trying to make it into one. And rather than trumpeting “our middleware includes anti-virus functionality” it would be better, surely, to design things from scratch to be more secure.

I wonder if some of these issues are arising because companies see connected TV as a chance to become the gatekeeper; when the emphasis is on providing extra features to tick boxes for the marketing department with each product cycle, and on trying to position the manufacturer as the one who’s operating the platform, rather than a cable co, then the temptation to create something of your own, and tie people to your brand may well be enough to make other considerations secondary.

That’s not a position I condone, of course, but it’s all too easy to see how it happens. Security isn’t terribly sexy to consumers – or hasn’t been until now, and engineering often seems to be driven less by engineers than by marketing.

By: Anthony Smith-Chaigneau

Anthony Smith-Chaigneau — Wed, 27 Apr 2011 12:44:32 +0000

This is something that I highlighted some time when it appeared in the press (link below) ago as it was clearly an issue from the very start of interactive television and connected devices using the Internet and WWW as a secondary transmission path. The DVB looked at this in the DVB-GEM spec and has a clear security framework that considers these issues. HbbTV is a very weak offering and what on earth would we want to see Firewalls and Virus Software on TVs for…We are really heading in the wrong direction!

The Internet has proven itself fragile for data let alone television with computer viruses and malware in abundance yet the industry forges ahead regardless.

http://tvangelist.wordpress.com/?p=299

History Repeating Itself

* 1995 WebTV Founded based on HTML (failed)

* 1998 (ATSC) HTML is a poor environment for television (really?)

* 2000 Major goals of “ATVEF” was to create a specification that relies on existing and prevalent standards (HTML/JS) (failed)

* 2002 Broadcast HTML was created from ATSC-related work to develop the DTV Application Software Environment (DASE) (failed)

* 2006 The DVB-PCF embodies a high-level declarative model that is based on industry standard formats, including XML syntax, MIME types and UML (failed)

* 2009 TV manufacturers bet on WEB TV with CE-HTML (?)

* 2011 Sony Games Network and OTT TV Services Hacked and Millions of Personal Data including Credit Card Details Stolen