Scenario 1: You are watching the Champions League and suddenly, your TV screen goes blank. You try to switch it on and off but still nothing and several attempts to restart your set-top box (STB) also prove futile. You then contact your service provider to complain, only to be told that the blackout has hit all of their subscribers and they are “working on it.”
Scenario 2: You finally get a hybrid STB that allows you to record your favorite programs to ensure you do not miss out on any episode. It is now Saturday and you have enough time to watch all your personal recordings. But just five minutes into your viewing time your screen displays a message asking you to pay to access all your personal recordings.
The above cases are just some of the scenarios that could happen following a pay-TV security breach. They are all the more likely to happen if you’re using a hybrid STB that supports video broadcasting and IP-based video. Such devices allow users to view digital cable programming as well as videos from the Internet or local IP network.
Hybrid STBs are most vulnerable to attacks because they are always on and, because of the access to public Internet video services, are much more open and susceptible to security breaches. In using a hybrid STB, subscribers compromise security in return for broader access to services.
During the recent AfricaCom 2016 event in Cape Town, Tor Helge Kristiansen, EVP principal architect at Conax, provided some examples of common security threats in pay-TV environments. These include:
1. Distributed denial-of-service (DDoS ) attacks: These involve hackers flooding servers with thousands of requests that can knock out services.
2. Ransom attack: Subscribers are faced with paying hackers to unlock their personal recordings.
3. Blackout and blackmail: STBs are blocked during a popular transmission and payment demands are made to unblock the service.
4. STB Manipulation: Hackers access the STBs and introduce errors, such as looping.
Kristiansen suggested that African countries should prioritize security even as they deliver user-friendliness. Kristiansen noted that there are different kinds of piracy in different regions. The biggest security challenge for pay-TV service providers across Africa is the sharing of cards and content keys. This is because Africa is predominantly a satellite region, which has a higher security exposure than other networks. It is also interconnected, making it more likely that if a hacker breaches one region then they will also get access to the rest of the continent.
He emphasized the importance of working with a strong security partner that can help operators secure the entire value chain by the use of separation technology, security evaluations, security audits, anti-piracy services and security guidance for device vendors.
The message is: Operators should be aware of the various attacks on STBs and aim at building very strong security architecture by researching and utilizing new security mechanisms and securing all available devices.
— Caroline Wambui, a Connecting Africa contributor at @First Communications