Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vivendi Universal vs. News Corporation

Posted by michael on from the et-tu-brute dept.

timbo_red writes: "According to a BBC story, NDS, a company 80% owned by Rupert Murdoch's News Corp is being sued by Canal+ for allegedly cracking their smart cards, which could have had a serious effect on ITV digital, the major UK competitor to Murdochs Sky digital in the UK pay TV market."

6 of 149 comments (clear)

  1. Re:Your father was a hamster and your mother... by dj28 · · Score: 3, Informative

    No becuase NDS is owned by NewsCorp which is a US-based corporation. That's why they are suing in the US.

  2. Re:Wierd ... by BoyPlankton · · Score: 3, Informative

    Better Article
    Turns out the lawsuit is in California because it was NDS Americas Inc. that transmitted the details onto the Internet.

  3. Not mathematically impossible by Mr.+Fred+Smoothie · · Score: 3, Informative

    AFAIK is not "mathematically impossible" to break even the strongest crypto available. It is "computationally infeasable." I.e., it's mathematically possible (by factoring all the large primes that could have been used for the key, for instance), but you can't afford the time/money (mostly time) required.

    --

  4. Background on SECA, the UK, and smart card piracy by Contact · · Score: 5, Informative

    Quick summary for US readers - Canal+ (the french cable TV channel) uses SECA encryption, which is also used by ITV Digital (formerly OnDigital), the UK's terrestrial digital provider. Terrestrial digital is basically digital TV transmitted over the airwaves.

    The choice of SECA was considered unwise when OnDigital selected it, as SECA was already at that point known to be broken. Naturally, pirate cards started circulating shortly afterwards. The smart cards now sell for as little as 10 pounds (about 15 dollars) and card programmers can be obtained for about three times that allowing people to keep up to date.

    At the moment, the UK has an arms race between ITV Digital and the pirates. ITV Digital will start broadcasting "ECMs" which exploit weaknesses in the pirate cards to cause them to crash (so they can't display TV). The pirates promptly fix their cards and release the new version, at which point it starts over again. There are several competing pirate codes around, and new versions are being released almost weekly.

    There is a rumour that ITV Digital are less diligent than they need to be in tracking down and killing pirate cards, as these cards increase their marketshare against that of Sky (Murdoch's satellite TV company, the dominant "extra" TV company in the UK). This would be a tactic reminiscent of the way that pirate installations of Windows / DOS made those operating systems the standard in the past - whether there's any truth in the rumours is obviously uncertain, however.

    Anyone interested in more information should consider the newsgroups uk.tech.digital-tv and uk.tech.digital-tv.crypt, although be warned that those groups are infested with pirates, script kiddies and the usual crop of 14 year old flamers! :)

  5. Why smartcard security sucks by b.foster · · Score: 5, Informative
    I used to have a roommate who hacked DirecTV smart cards to get free pr0n channels back in the day, and we had many interesting discussions on the merits of smartcard security. He taught me that the dirty little secret of the industry is that every smartcard in history has been cracked. Now why might that be the case? Simply put, there are more avenues of attack on a smartcard device than you can shake a stick at. Let us examine a few of the most important ones:
    • Bugs in the code on the card. This is somewhat analogous to buffer overflows and format string bugs in poorly written daemons like IIS, UPNP, and BIND. Often the first thing that hackers will do with a new smartcard is to explore its known instructions to try to find "read holes" (which let you read the ROM or EEPROM) or "write holes" (which allow you to modify the code on the card).
    • Glitching. In order to circumvent the security on smart cards, some hackers will buy a special device called a "glitcher" that momentarily lowers the power supply voltage going to the card at just the right time in order to get the CPU on the card to skip the desired instruction. The result is that the security on the card can be bypassed. In the case of DTV access cards, glitching is also used to "unloop" cards that have been illegally modified and subsequently disabled by DTV's electronic countermeasures.
    • Replay attacks. Often a card may be convinced to accept ROM updates by crafting an instruction packet that appears to be an authorized update, but in fact has a forged signature on it. This is caused by the use of weak mathematics such as IDEA and CBC, which have been almost fully compromised.
    • Communication logging. Often, critical data that passes between a card and its peer can be observed and logged. This data can leak important decryption keys, passwords, and data.
    • Power use analysis. Hackers with access to expensive equipment can observe how much power a smartcard uses while performing a given operation, and can sometimes deduce decryption keys from this power trace as a result of poor implementation of cryptographic algorithms.
    • Insecure operating environments. Some smartcard designers choose to implement things like Java or Lunix on their smartcards, which have proven security vulnerabilities and cannot withstand a dedicated attack.
    The one thing that surprises me about this article is that NDS spent a million dollars on this research. Satellite hackers who want to steal DirecTV's signal do the same thing for free every day, and usually do a more thorough job of cracking the card. However, the one lesson to take from this is simple: smartcard security Just Doesn't Work(tm).

    Bill

  6. Re:UK Pay TV Market? by Jon+Chatow · · Score: 5, Informative

    Ah, yes, but there's a whole world of difference psychologically between paying the television licence fee (approx 120UKP/170USD p.a., IIRC) and a 'top up' fee to recieve extra channels (i.e., the 5 free-to-air analogue, and about 15 extra free-to-air digital terrestrial broadcasts). About 40% (according to The Economist) of the UK's population gets pay-for (digital) TV, through satellite (Sky), cable (NTL and Telewest) or terrestrial (ITV/OnDigital); the government is going to auction the analogue TV bandwidth in 2006, so is hoping everyone will move off analogue reception quickly, or it will have to pay for everyone to get a digital set-top-box or television.

    Oh, and the licence fee money isn't collected by the government, but by people contracted out by the BBC (currently Consignia/the Post Office/what-ever-name-change-they've-had-this-week ).

    --
    James F.