Thread: Snooping TV.
View Single Post
  #277   Report Post  
Posted to uk.d-i-y
John Rumm John Rumm is offline
external usenet poster
  
Posts: 25,191
Default Snooping TV.
On 16/03/2017 18:16, tim... wrote:


"John Rumm" wrote in message
o.uk...
On 15/03/2017 17:07, tim... wrote:


Remember, this is a download being broadcast to 100,000 (or 1 million)
separate devices all at the same time

This isn't a point to point communications link

Which "this" are you referring to in particular?

the way that updates are downloaded to TVs etc

the one that is currently insecure, that we need to make secure, to stop
the spooks using it to download their dodgy software.

Keep in mind in the case cited they used physical access and USB to hack
the set. If the spooks were really keen they could hack a set before the
owner got it, or apply pressure to the maker to help them.

It's already been suggested that if the spooks have access to a specific
TV so that they can download the code manually, they can just as easily
plant some normal bugs and not have to engage in the expensive task of
re-engineering the TV's software

True, but a normal bug could be found, whereas finding your TV in the
living room may come as less of a surprise!

True multipoint comms (e.g. multicast) on the internet is still fairly

but these devices are not always "on the internet"

What smart TVs? They are normally on the network full time. Mine appear
on windows machines as a DLNA compatible output device.

Some of the older non smart TVs had ethernet only for updates etc.


the devices that I worked with were not

And I'm still interested in how I make that download of new software
secure, without having to resort to "keeping the key secret" (as will my
ex-employer and his clients - world leading in their sector, though not
internet security obviously)

Real security is a difficult game, and the rules change depending on who
you are trying to defend against.

A combination of certificated sources, and signed binaries is probably
the best approach.


--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/
Reply With QuoteReply With Quote