Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vivendi Universal vs. News Corporation

Posted by michael on from the et-tu-brute dept.

timbo_red writes: "According to a BBC story, NDS, a company 80% owned by Rupert Murdoch's News Corp is being sued by Canal+ for allegedly cracking their smart cards, which could have had a serious effect on ITV digital, the major UK competitor to Murdochs Sky digital in the UK pay TV market."

7 of 149 comments (clear)

  1. Your father was a hamster and your mother... by PHAEDRU5 · · Score: 5, Funny

    A French subsidiary of a French multinational is suing a British subsidiary of an (Australian?) (British?) multinational in a U.S. court, over a conspiracy centered in London?

    Is this some sort of Pythonic joke?

    --
    668: Neighbour of the Beast
  2. Background on SECA, the UK, and smart card piracy by Contact · · Score: 5, Informative

    Quick summary for US readers - Canal+ (the french cable TV channel) uses SECA encryption, which is also used by ITV Digital (formerly OnDigital), the UK's terrestrial digital provider. Terrestrial digital is basically digital TV transmitted over the airwaves.

    The choice of SECA was considered unwise when OnDigital selected it, as SECA was already at that point known to be broken. Naturally, pirate cards started circulating shortly afterwards. The smart cards now sell for as little as 10 pounds (about 15 dollars) and card programmers can be obtained for about three times that allowing people to keep up to date.

    At the moment, the UK has an arms race between ITV Digital and the pirates. ITV Digital will start broadcasting "ECMs" which exploit weaknesses in the pirate cards to cause them to crash (so they can't display TV). The pirates promptly fix their cards and release the new version, at which point it starts over again. There are several competing pirate codes around, and new versions are being released almost weekly.

    There is a rumour that ITV Digital are less diligent than they need to be in tracking down and killing pirate cards, as these cards increase their marketshare against that of Sky (Murdoch's satellite TV company, the dominant "extra" TV company in the UK). This would be a tactic reminiscent of the way that pirate installations of Windows / DOS made those operating systems the standard in the past - whether there's any truth in the rumours is obviously uncertain, however.

    Anyone interested in more information should consider the newsgroups uk.tech.digital-tv and uk.tech.digital-tv.crypt, although be warned that those groups are infested with pirates, script kiddies and the usual crop of 14 year old flamers! :)

  3. The end is near :) by CDWert · · Score: 4, Interesting

    When big boys like this start duking it out over greed based issues, and lets be honest thats what this is, the end is near, It woulda been more fun to see say sony vs disney or maybe someone else they dont already own :)

    Remerber when Ibm started trying to sue all the clone makers ? Or apple. Remeber when Sony sued over the betamax, or so on so forth.

    I think what happens is greed reaches an apex, it cannot make money off going after the little guys distributing css, (it can try to limi it) but at some point it all falls like a house of cards when companies like this focus all their energies out of squeezing every last cent out of anyone for any reason , and in the process become a company for which litigation is their core business. V/Unv core business is supposed to be entertainment. I wouldnt know I have boycotted any materials, my small part in the struggle. But it seems no longer like a company interested in entertainment but more so litigation.

    When companies like these start running around suing each other its often too late and they are only trying to salvage what they can, or make a stnd where they are, anyone know their current financials ? (the real ones please :)

    --
    Sig went tro...aahemmm.....fishing........
  4. Why smartcard security sucks by b.foster · · Score: 5, Informative
    I used to have a roommate who hacked DirecTV smart cards to get free pr0n channels back in the day, and we had many interesting discussions on the merits of smartcard security. He taught me that the dirty little secret of the industry is that every smartcard in history has been cracked. Now why might that be the case? Simply put, there are more avenues of attack on a smartcard device than you can shake a stick at. Let us examine a few of the most important ones:
    • Bugs in the code on the card. This is somewhat analogous to buffer overflows and format string bugs in poorly written daemons like IIS, UPNP, and BIND. Often the first thing that hackers will do with a new smartcard is to explore its known instructions to try to find "read holes" (which let you read the ROM or EEPROM) or "write holes" (which allow you to modify the code on the card).
    • Glitching. In order to circumvent the security on smart cards, some hackers will buy a special device called a "glitcher" that momentarily lowers the power supply voltage going to the card at just the right time in order to get the CPU on the card to skip the desired instruction. The result is that the security on the card can be bypassed. In the case of DTV access cards, glitching is also used to "unloop" cards that have been illegally modified and subsequently disabled by DTV's electronic countermeasures.
    • Replay attacks. Often a card may be convinced to accept ROM updates by crafting an instruction packet that appears to be an authorized update, but in fact has a forged signature on it. This is caused by the use of weak mathematics such as IDEA and CBC, which have been almost fully compromised.
    • Communication logging. Often, critical data that passes between a card and its peer can be observed and logged. This data can leak important decryption keys, passwords, and data.
    • Power use analysis. Hackers with access to expensive equipment can observe how much power a smartcard uses while performing a given operation, and can sometimes deduce decryption keys from this power trace as a result of poor implementation of cryptographic algorithms.
    • Insecure operating environments. Some smartcard designers choose to implement things like Java or Lunix on their smartcards, which have proven security vulnerabilities and cannot withstand a dedicated attack.
    The one thing that surprises me about this article is that NDS spent a million dollars on this research. Satellite hackers who want to steal DirecTV's signal do the same thing for free every day, and usually do a more thorough job of cracking the card. However, the one lesson to take from this is simple: smartcard security Just Doesn't Work(tm).

    Bill

  5. Re:"Huge sums" by Zeinfeld · · Score: 4, Insightful
    So, according to the article, NDS spent "huge sums" cracking the codes. It seems to me, that if the codes were sound, it should have been mathematically impossible for them to crack it for any amount of money (short of an optical, or quantum computer, of course). And if they weren't, why did they need to spend so much money on it?

    Actually this is not true when it comes to DRM measures. The problem here is that you are trying to keep information secret while sharing it with a few tens of millions of subscribers.

    Ultimately any crypto scheme depends on the secrecy of a small number of keys. If a person reveals their key deliberately then anyone can read the information sent to them.

    That said the Canal+ scheme does not have a great reputation for security. There are plenty of schemes that at least require the attackers to extract secret keys from smart cards. The satelite TV DRM problem is much easier than the DVD type problem. With a DVD player you can't issue a different key to each user and withdraw use rights on a per player basis. With satelite TV you can.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  6. Jurisdiction overhaul by mcrbids · · Score: 5, Insightful

    This case underscores the global nature of society now, an issue further underscored by the Internet itself.

    Really and truly, the idea of "jurisdiction" when it comes to "e-anything" is almost incomprehensible. I publish a web page here in California about barbecues and possibly break Indian law. I publish a (perfectly legal in the US) pro-nazi page with swastikas and break German law if Germans ever (god forbid) look at it.

    In this kind of environment, "legal" falls to the least common denominator, whatever's left when everything illegal everywhere is removed. Not much of an argument for "free speech" since anything on the 'net is merely communication, after all.

    Remember Dimitri?

    At issue is that there is no international law (that the US will respect, anyway) and as a result of this deficiency, we see all kinds of craziness.

    It's going to get worse before it gets better.(sigh)

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  7. Re:UK Pay TV Market? by Jon+Chatow · · Score: 5, Informative

    Ah, yes, but there's a whole world of difference psychologically between paying the television licence fee (approx 120UKP/170USD p.a., IIRC) and a 'top up' fee to recieve extra channels (i.e., the 5 free-to-air analogue, and about 15 extra free-to-air digital terrestrial broadcasts). About 40% (according to The Economist) of the UK's population gets pay-for (digital) TV, through satellite (Sky), cable (NTL and Telewest) or terrestrial (ITV/OnDigital); the government is going to auction the analogue TV bandwidth in 2006, so is hoping everyone will move off analogue reception quickly, or it will have to pay for everyone to get a digital set-top-box or television.

    Oh, and the licence fee money isn't collected by the government, but by people contracted out by the BBC (currently Consignia/the Post Office/what-ever-name-change-they've-had-this-week ).

    --
    James F.