1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SDV solution for S3, TiVo HD

Discussion in 'TiVo Series3 HDTV DVRs' started by 20TIL6, Aug 25, 2007.

  1. Aug 26, 2007 #21 of 163
    GoHokies!

    GoHokies! O2->CO2 Converter

    2,657
    0
    Sep 21, 2005
    KFME
    From a user's perspective, maybe. Allowing the back channel communications to come in over the network opens up the cable modes to try and be hacked into via the internet. Using the existing cable for upstream comms is much more secure. Any replacement of internal parts is a non starter for those of us that already own a THD/S3 - it stands to reason that once this device is developed it can be incorporated into future designs.
     
  2. Aug 26, 2007 #22 of 163
    ZeoTiVo

    ZeoTiVo I can't explain

    25,527
    0
    Jan 2, 2004
    It sounds to me like TiVo desiigners are working with cable on how this works. It will come with the TiVo. This is what TiVo exec was talking about when he said in the Congressional hearing that cable companies were showing good faith in wroking to resolve SDV issue. Cable company actions are starting to show they think someone buying a 3 year contract on a cable only device is really a good thing.


    ETA - oops smeeked PKscout but a big +1 on the idea of SAT finally getting on board
    what really caught my eye in the article is where they want to go next after SDV issue and how the cable companies dangled a carrot out there if the FCC would finally end the stupid waiver the Sat companies got. Emphasis mine


    question? could this be used to easily resolve QAM mapping as well?
     
  3. Aug 26, 2007 #23 of 163
    pkscout

    pkscout Active Member

    3,928
    0
    Jan 10, 2003
    Honolulu, HI
    Really. That seems familiar to me. :p
     
  4. Aug 26, 2007 #24 of 163
    sfhub

    sfhub Active Member

    1,270
    0
    Jan 6, 2007
    Having an Internet-based SDV gateway allows for different types of attacks but how do you know that is less secure than the existing upstream? Are there any studies or white papers on attacks of the internal upstream system? It really depends on the design and implementation of the systems whether something is more or less secure and you can have a good or bad implementation with either. From experience if you don't have 3rd party white/black hats attacking the system, it is harder to design a secure system. There is almost always something you don't anticipate when you need to design something secure but also relatively easy to install.
     
  5. Aug 26, 2007 #25 of 163
    LCD1080

    LCD1080 New Member

    65
    0
    Dec 13, 2006
    Who cares? This is TIVO we're talking about! :)
     
  6. Aug 26, 2007 #26 of 163
    dig_duggler

    dig_duggler losing enthusiasm

    835
    0
    Sep 18, 2002
    Birmingham, AL
    Is it sad that I'm so happy that they've finally admitted that there needs to a solution?
     
  7. Aug 26, 2007 #27 of 163
    GoHokies!

    GoHokies! O2->CO2 Converter

    2,657
    0
    Sep 21, 2005
    KFME
    Any piece of equipment that is connected to the internet is going to be significantly less secure than then a piece of equipment that can only be connected to by connecting to cable TV wiring from one of the houses served by that node, as the piece of equipment that is internet connected will be exposed to any joker in the world with an internet connection (as opposed to only the handful of people that are connected to the same node as you are).
     
  8. Aug 26, 2007 #28 of 163
    morac

    morac Cat God

    8,964
    25
    Mar 14, 2003
    NJ
    How secure does this device really need to be? Basically it will say I want to be able to tune to channel X which is not currently being broadcast so it will send channel X on whatever frequency it chooses and tell the dongle. Even if someone hacked the request, they would still need a CableCARD tied to your account to decode the channel.

    Basically the cableCARD would handle the security and this dongle would just handle the 2-way communication. If it used SSH or HTTPS encryption then it wouldn't be any less secure than making an online banking transaction.
     
  9. Aug 26, 2007 #29 of 163
    vstone

    vstone New Member

    1,235
    0
    May 11, 2002
    Martinsville...
    Should I presume that encrypted IP packets, with each Tivo provided with a unique key delievered via an ecrypted video stream, are not considered secure, even though we use similar technology to buy stuff over the Internet?
     
  10. Aug 26, 2007 #30 of 163
    sfhub

    sfhub Active Member

    1,270
    0
    Jan 6, 2007
    You are talking about exposure to potential people poking at it, which is quite a different thing than being secure.

    The exposure for the QPSK or DOCSIS modem is any person connected to the cable line, not just a node.

    Further once you connect the USB device to TiVo which has an ethernet port and is always on, TiVo can then serve as a gateway to the Internet with sufficient buffer overflow exploitation.

    Really, how different is a server running linux with one end connected to the Internet and the other end connected to a QPSK or DOCSIS modem vs 10,000 TiVos running linux with one end connected to the Internet and the other end connected to a QPSK or DOCSIS modem.

    You may claim then that TiVo introduces a level of complexity and therefore it is more secure but really that is no different than the SDV Internet gateway which presumably would be set up by someone who knows how to plug the holes.

    Getting the RF channel associated with a channel # is a very well defined operation and the designers can concentrate on making that airtight. It becomes harder to secure something when you have lots of legacy apps that you need to support, each with their own exploits, but if you keep it simple it isn't that difficult. This is mainly a directory lookup read operation, like DNS. No need to delete or write. Again, keep it simple. Further this data is not even very valuable to anybody besides the folks who want to watch TV so the incentive to hack is not high.

    If TiVo et al can build Amazon unbox, I'm confident TiVo+Cable can build an SDV gateway if they had a desire to do so.

    The reason I think they are doing it this way is because it is probably the least amount of work for the cable company. I don't know if it is more or less work for TiVo either way. Clearly for the customer an Internet solution would be most painless.
     
  11. Aug 26, 2007 #31 of 163
    GoHokies!

    GoHokies! O2->CO2 Converter

    2,657
    0
    Sep 21, 2005
    KFME
    I was thinking less of the theft of service angle and more along the lines of the mischievous turn off the node/fake a request and tune everyone's TV to porn type attacks.

    Whatever you want to call it sfhub, if I were designing this, I would prefer to limit my connections to outside networks if I can run the entire thing over the cable plant that I own. Your Tivo/Linux server examply is flawed too - find me a published case of a Tivo that's been hacked into for ANY purpose and I'll be able to find a dozen cases of web servers being hacked into.

    From a cable companies perspective, it makes no sense to spend the time and money to develop a robust system that can be safely run over the internet when you have a perfectly good network that isn't accessible to anyone around the world that you can use instead.
     
  12. Aug 26, 2007 #32 of 163
    skylab

    skylab New Member

    20
    0
    Jul 25, 2007
    How much is this going to cost? Who is going to pay for it?


    I highly doubt this will ever see the light of day, but it would be good if it does. All the effort is now focused on finding a solution for the next generation of cablecards or dcas. There is absolutely no incentive to support legacy hardware like the Tivo S3 or cablecard equipped tvs.
     
  13. Aug 26, 2007 #33 of 163
    sfhub

    sfhub Active Member

    1,270
    0
    Jan 6, 2007
    Can you find me a dozen cases of an SDV Internet Gateway being hacked into? :)
     
  14. Aug 26, 2007 #34 of 163
    pmiranda

    pmiranda New Member

    669
    0
    Feb 12, 2003
    Austin, TX
    Yes, I think it is. Note the past tense in this line: "The NCTA said cable has worked with individual consumer-electronics makers ' it cited TiVo ' to develop a solution that can provide two-way switched digital video channels to unidirectional digital cable products."

    Why not develop a software-only fix that uses an internet connection? Somebody already mentioned the vulnerability that opens the cableco to, but another reason is it would exclude anyone that doesn't have their TiVoHD or S3 on a broadband connection. Hard to imagine, but I'm sure those people are out there.

    I'm impressed NCTA was willing to do an end-run around opencable, but I'm still skeptical that anything will be delivered soon. As for cost, as long as it's less than the cablebox rental and the monthly TiVo service fee I'm paying to get the few SDV channels I care about, it will be worth it to me. To say nothing of the vastly increased WAF of consolidating to just one TiVo instead of two.
     
  15. Aug 26, 2007 #35 of 163
    sfhub

    sfhub Active Member

    1,270
    0
    Jan 6, 2007
    I remember reading about JTAG cables for SB5100 when I purchased my JTAG cable to debrick my Belkin 7130. I figured at the time it must have been for some hacking purpose but didn't look into it further. Anyway, I found the following a good read. I don't believe the internal coax network is as secure as people think and there are hackers spending their time playing with it as well.

    The article is from a while back. It seems since then, they have completely replaced the vxworks OS in the SB5100 and replaced with linux core with complete control of DOCSIS stack and SDK availability for your addon development. Search tcniso if you want to know more.

    Cable modem hackers conquer the co-ax
    http://www.securityfocus.com/news/7977
     
  16. Aug 26, 2007 #36 of 163
    CharlesH

    CharlesH Member

    1,061
    1
    Aug 29, 2002
    Sacramento...
    But there are a couple of us S3 owners who use DSL for broadband ($34.99/mo for 6Mbs) :)
     
  17. Aug 26, 2007 #37 of 163
    GoHokies!

    GoHokies! O2->CO2 Converter

    2,657
    0
    Sep 21, 2005
    KFME
    I don't think that I could come up with a list of a dozen SDV internet gateways! ;)

    On your second comment, I agree that there are possibilities for a coax based scheme to be hacked and abused, but it reduces the pool of folks that can hack my node from the millions to the hundreds. :)
     
  18. Aug 26, 2007 #38 of 163
    Jazhuis

    Jazhuis New Member

    107
    0
    Aug 30, 2006
    Eh...the concept of SDV isn't that you'd be using it to tune your TV, but just to signal the headend as to what your TV was tuning to. You wouldn't be switching other people's TV's, you'd just be flooding the cable network with channels that people aren't actually watching. Of course, I almost guarantee that channel surfers are going to do the exact same thing...
    Bingo. Remember that "going through the internet" at this point doesn't mean going out through Bavaria or anything, it just means from your cable modem to the cable company's headend. You still have to deal with your neighbors within the CO's network, but you have to do that anyway.
     
  19. Aug 26, 2007 #39 of 163
    pmiranda

    pmiranda New Member

    669
    0
    Feb 12, 2003
    Austin, TX
    Nobody that has changed to a SDV channel will be surfing for very long. Even with TW's SA box it takes a few seconds to tune in an SDV channel. On occasion it even throws up a message that the channel is unavailable for a couple seconds before it finally relents to my apparently unusual request to watch SPEED channel.
     
  20. Aug 27, 2007 #40 of 163
    kmill14

    kmill14 New Member

    196
    0
    Dec 11, 2006
    Here is the latest from megazone on tivolovers. He goes into more detail about how the NCTA has been working with Tivo to get this done. What does this mean to me?

    That Tivo and the NCTA "could" already be very close to rolling this out. At the very least, its not just a "concept" as some have labeled it, but at least in development. Its in all these companies' best interest to get something done sooner rather than later.

    http://www.tivolovers.com/2007/08/27/more-hope-for-sdv-on-tivo-series3-and-tivo-hd/
     

Share This Page