Malware has been found on HTV, the best-selling IPTV device according to the National Telecommunications Agency (Anatel). The agency's TV Box working group, in partnership with the Brazilian Pay-TV Association (ABTA), found the malware in the device.
The pirated equipment is sold in online stores for about R$ 1,000. Its appeal is the many channels it unlocks without the user paying for the original subscription, based on illegally transmitted content. According to TeleSíntese, Anatel’s inspection supervisor, Wilson Wellisch, reported that the agency had asked ABTA engineers and experts to contribute to the reverse engineering.
To verify all the functions, it was necessary to build similar equipment that simulates real use of the device, since subscribing to HTV packages for investigative purposes is not allowed. “We had difficulties because we needed to get the equipment working. It’s not enough to disconnect it. The partnership with ABTA allowed us to run tests with live equipment, and from there, we checked for vulnerabilities,” Wellisch highlights.
So far, the agency has established that when it is first turned on, HTV looks for a port through which to connect, without the user’s consent, to an unknown server. From there, the malware starts receiving updates about other ports that it can use if it is detected.
Furthermore, user data is captured and sent to the servers. The device retransmits pay-TV content that was captured in Brazil without a license. Once captured in the country, the content is transported in concealed form to servers abroad and then returned to local customers. According to Anatel, content is captured when it is sent from programmers to distributors, and also directly from distributors (pay-TV operators such as Sky or Claro, for example).
Everything is done over the user’s IP connection, through applications that simulate TV services or paid over-the-top (OTT) media services, which distribute online content over a direct connection between the platform and the end user. It is an illegal activity and the user is paid to access it.
The malware can take over the TV, but it doesn’t. It runs in the background without the user noticing. Wellisch states that it connects to a network of malicious botnets that have the ability to perform coordinated distributed denial of service (DDoS) attacks. “Because there is a lot of this equipment distributed, it can be used to clear sites, including public services,” he says.
This year, Wellisch said there were suspicions that these resources were being used to mine cryptocurrency without the user’s knowledge. Anatel has not yet performed tests to verify this hypothesis. “At the moment we are committed to cybersecurity, but I still believe mining is possible because these TV boxes are not using all the available capacity.”
Anatel intends to improve its anti-piracy strategies and address the concerns around uncertified equipment. The conclusions of the working group will be forwarded to the dedicated cybersecurity working group. The proposal is to understand whether it is possible to work together, since the specific problems go beyond intellectual property theft and the lack of device certification.
Source: TeleSíntese