0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/46 Thanks! 1 00:00:09,110 --> 00:00:11,329 So this talk will be held 2 00:00:11,330 --> 00:00:14,219 by Martin Herfurt. 3 00:00:14,220 --> 00:00:17,069 I cannot pronounce the it's 4 00:00:17,070 --> 00:00:18,839 perfect. Yes, OK. 5 00:00:20,370 --> 00:00:22,079 He is currently working at n.runs 6 00:00:22,080 --> 00:00:25,169 professionals and you probably 7 00:00:25,170 --> 00:00:27,329 met him because he was working 8 00:00:27,330 --> 00:00:29,069 on the Bluetooth technology. 9 00:00:29,070 --> 00:00:31,439 And in fact, today he will talk about. 10 00:00:31,440 --> 00:00:32,639 No, in fact, no. 11 00:00:32,640 --> 00:00:33,640 It's because 12 00:00:34,830 --> 00:00:36,719 there is and there isn't any relation 13 00:00:36,720 --> 00:00:37,720 with that. 14 00:00:38,640 --> 00:00:41,129 Talk to us about the 15 00:00:41,130 --> 00:00:43,079 new technology that is going to be on the 16 00:00:43,080 --> 00:00:46,109 new smart TVs and how to act on those. 17 00:00:46,110 --> 00:00:47,729 Thank you, Martin. Sorry. 18 00:00:47,730 --> 00:00:49,020 Thank you for the introduction. 19 00:00:54,370 --> 00:00:56,469 So thanks for the introduction. 20 00:00:56,470 --> 00:00:58,629 Today, I'm going to talk about HbbTV, 21 00:00:58,630 --> 00:01:00,729 who of you have heard about HbbTV 22 00:01:00,730 --> 00:01:03,249 so far, while it's a lot of people, 23 00:01:03,250 --> 00:01:04,598 that's probably because of the media 24 00:01:04,599 --> 00:01:06,129 attention it got recently. 25 00:01:08,670 --> 00:01:10,530 Who's here to see some porn? 26 00:01:12,030 --> 00:01:13,030 No. 27 00:01:13,380 --> 00:01:15,749 Oh, I'm sorry, no porn here today.
28 00:01:18,510 --> 00:01:20,729 So first, I'm going to talk about 29 00:01:20,730 --> 00:01:23,039 HbbTV as a as a standard, 30 00:01:23,040 --> 00:01:26,279 then I'm going to do to 31 00:01:26,280 --> 00:01:28,559 show you about the current adoption. 32 00:01:28,560 --> 00:01:30,839 I did some statistics of the channels 33 00:01:30,840 --> 00:01:32,369 on Astra. 34 00:01:32,370 --> 00:01:34,559 I show possible attack vectors and 35 00:01:34,560 --> 00:01:36,749 mitigation and a project 36 00:01:36,750 --> 00:01:38,909 of mine which is called HAL, 37 00:01:38,910 --> 00:01:41,369 HbbTV access limiter, 38 00:01:41,370 --> 00:01:43,289 and conditions will be some 39 00:01:43,290 --> 00:01:44,969 recommendations for you to play with 40 00:01:46,260 --> 00:01:48,059 and no porn. 41 00:01:48,060 --> 00:01:48,959 So who am I? 42 00:01:48,960 --> 00:01:50,189 My name is Martin Herfurt. 43 00:01:50,190 --> 00:01:51,929 I'm currently working with the security 44 00:01:51,930 --> 00:01:54,119 consulting firm called 45 00:01:54,120 --> 00:01:56,159 n.runs professionals. 46 00:01:56,160 --> 00:01:58,139 I'm the co-founder of trifinite.org. 47 00:02:00,410 --> 00:02:01,410 No, 48 00:02:03,410 --> 00:02:05,809 I I'm a Bluetooth security 49 00:02:05,810 --> 00:02:08,359 expert. I'm based in Salzburg, Austria. 50 00:02:08,360 --> 00:02:10,999 And you find me on all kinds of 51 00:02:11,000 --> 00:02:12,000 networks. 52 00:02:14,240 --> 00:02:16,909 So what happened so far with TV 53 00:02:16,910 --> 00:02:19,089 security or, let's say, smart TV 54 00:02:19,090 --> 00:02:21,859 security? First, in September 55 00:02:21,860 --> 00:02:22,819 2012. 56 00:02:22,820 --> 00:02:25,249 It's like the first occurrence 57 00:02:25,250 --> 00:02:28,399 where people were hacking 58 00:02:28,400 --> 00:02:29,959 Samsung smart TVs.
59 00:02:29,960 --> 00:02:32,959 Locally, they were able to 60 00:02:32,960 --> 00:02:35,119 have USB sticks that allowed them 61 00:02:35,120 --> 00:02:37,249 to to work on the root 62 00:02:37,250 --> 00:02:39,769 shell. In 63 00:02:39,770 --> 00:02:42,259 March 2013 at CanSecWest, 64 00:02:42,260 --> 00:02:44,479 it's been a very interesting talk 65 00:02:44,480 --> 00:02:46,579 where they showed that even 66 00:02:46,580 --> 00:02:48,650 Trojans are possible on smart TVs, 67 00:02:50,330 --> 00:02:52,789 and in May 68 00:02:52,790 --> 00:02:55,249 2013, the TU Darmstadt published 69 00:02:55,250 --> 00:02:57,679 a paper on the privacy issues with 70 00:02:57,680 --> 00:02:58,849 HbbTV. 71 00:02:58,850 --> 00:03:01,189 Shortly after that, I published 72 00:03:01,190 --> 00:03:03,799 an article about security issues with 73 00:03:03,800 --> 00:03:06,229 HbbTV. 74 00:03:06,230 --> 00:03:08,449 And after that, 75 00:03:08,450 --> 00:03:10,549 in August, people 76 00:03:10,550 --> 00:03:13,189 were attacking smart TVs at Black Hat 77 00:03:13,190 --> 00:03:15,439 with poorly designed apps like 78 00:03:15,440 --> 00:03:16,440 Skype. 79 00:03:17,030 --> 00:03:19,369 In November 2013, news surfaced 80 00:03:19,370 --> 00:03:22,309 that LG is transmitting info 81 00:03:22,310 --> 00:03:25,789 about the user back to the company, 82 00:03:25,790 --> 00:03:27,859 which actually is not related 83 00:03:27,860 --> 00:03:29,810 to HbbTV, even though it got 84 00:03:31,250 --> 00:03:33,800 mentioned that like this infests? 85 00:03:37,110 --> 00:03:39,839 So where does HbbTV 86 00:03:39,840 --> 00:03:42,209 come from? It's a pan-European effort.
87 00:03:42,210 --> 00:03:44,459 It's been two projects, a French 88 00:03:44,460 --> 00:03:47,009 one and a German one, that 89 00:03:47,010 --> 00:03:49,679 combined their efforts into HbbTV, 90 00:03:49,680 --> 00:03:50,680 and it's 91 00:03:51,990 --> 00:03:54,539 published in June 2010, 92 00:03:55,680 --> 00:03:58,109 and it adopts existing specifications 93 00:03:58,110 --> 00:04:00,539 like the CE-HTML profile 94 00:04:00,540 --> 00:04:02,879 and OIPF, the Open IPTV 95 00:04:02,880 --> 00:04:03,880 Forum standard. 96 00:04:04,980 --> 00:04:07,409 The goal is to combine broadcast content 97 00:04:07,410 --> 00:04:08,879 with online content. 98 00:04:08,880 --> 00:04:12,389 How this works is shown afterwards. 99 00:04:12,390 --> 00:04:14,819 The intended use cases for HbbTV 100 00:04:14,820 --> 00:04:17,219 are some are things like 101 00:04:17,220 --> 00:04:19,828 enhanced teletext, catch-up services, 102 00:04:19,829 --> 00:04:21,389 video on demand, interactive 103 00:04:21,390 --> 00:04:23,789 advertisement, personalization, 104 00:04:23,790 --> 00:04:26,009 voting, gaming and so on, and 105 00:04:26,010 --> 00:04:28,199 the social experience of watching TV 106 00:04:28,200 --> 00:04:29,339 should also be included. 107 00:04:30,420 --> 00:04:31,919 So how does this all work? 108 00:04:31,920 --> 00:04:34,199 First, we have to the right, 109 00:04:34,200 --> 00:04:36,359 the TV station, which is producing 110 00:04:36,360 --> 00:04:38,369 the content or buying the content and 111 00:04:38,370 --> 00:04:40,529 airing it over 112 00:04:40,530 --> 00:04:42,659 like in this example 113 00:04:42,660 --> 00:04:44,729 via DVB-S over a 114 00:04:44,730 --> 00:04:46,619 satellite infrastructure. 115 00:04:46,620 --> 00:04:48,599 There's also other ways of distributing 116 00:04:48,600 --> 00:04:50,909 that, you know, that's DVB-T or 117 00:04:50,910 --> 00:04:53,430 DVB-C with terrestrial or cable.
118 00:04:55,080 --> 00:04:57,389 And finally, the video and audio 119 00:04:57,390 --> 00:04:59,819 content is displayed on the TV. 120 00:05:01,020 --> 00:05:03,389 How does that all change with hybrid 121 00:05:03,390 --> 00:05:05,379 broadcast broadband TV? 122 00:05:05,380 --> 00:05:07,619 Here's a scene that the station 123 00:05:07,620 --> 00:05:09,659 not only publishes this audio and video 124 00:05:09,660 --> 00:05:11,999 stream, but also augments some 125 00:05:12,000 --> 00:05:14,369 information into that stream, 126 00:05:14,370 --> 00:05:16,499 which is then distributed via the 127 00:05:16,500 --> 00:05:18,599 same ways like DVB-S, 128 00:05:18,600 --> 00:05:20,729 T or C, and it's displayed on 129 00:05:20,730 --> 00:05:23,009 the TV again, with the addition that 130 00:05:23,010 --> 00:05:25,169 the TV, when it's 131 00:05:25,170 --> 00:05:27,299 HbbTV capable, is able to read 132 00:05:27,300 --> 00:05:29,369 this information which gets augmented into 133 00:05:29,370 --> 00:05:31,859 that stream and 134 00:05:31,860 --> 00:05:34,109 establishes an HTTP connection back 135 00:05:34,110 --> 00:05:35,110 to the station. 136 00:05:38,870 --> 00:05:40,429 So the main 137 00:05:41,570 --> 00:05:43,399 thing about this concept is it's a red 138 00:05:43,400 --> 00:05:44,509 button. 139 00:05:44,510 --> 00:05:47,059 I found this red button on there, 140 00:05:47,060 --> 00:05:49,879 which is known as a panic button, right? 141 00:05:49,880 --> 00:05:52,249 And obviously BBC 142 00:05:52,250 --> 00:05:54,469 kind of came up with this idea of the red 143 00:05:54,470 --> 00:05:55,729 button. 144 00:05:55,730 --> 00:05:57,799 And during the talk, 145 00:05:57,800 --> 00:05:59,959 you will find out why it's still a good 146 00:05:59,960 --> 00:06:02,149 idea to be in panic when you see this 147 00:06:02,150 --> 00:06:03,150 kind of button.
148 00:06:05,220 --> 00:06:07,509 That is the slide that SevenOne 149 00:06:07,510 --> 00:06:09,779 Media shows 150 00:06:09,780 --> 00:06:11,549 their customers, their advertisement 151 00:06:11,550 --> 00:06:12,779 customers. 152 00:06:12,780 --> 00:06:14,969 What you're seeing there is a chart of of 153 00:06:14,970 --> 00:06:17,249 unique devices that are 154 00:06:17,250 --> 00:06:19,529 consuming the program from 155 00:06:19,530 --> 00:06:20,639 this firm. 156 00:06:20,640 --> 00:06:22,189 It's like ProSieben, Sat.1, 157 00:06:22,190 --> 00:06:23,639 compliance and some more. 158 00:06:24,750 --> 00:06:26,939 Hmm. And it's 159 00:06:26,940 --> 00:06:27,940 pretty accurate. 160 00:06:29,580 --> 00:06:31,829 But as you can see 161 00:06:31,830 --> 00:06:34,049 something saying, this is from Nielsen 162 00:06:34,050 --> 00:06:36,119 or any other company doing 163 00:06:36,120 --> 00:06:38,939 these kind of inquiries. 164 00:06:38,940 --> 00:06:41,159 You have to think about where did they 165 00:06:41,160 --> 00:06:43,739 get that information from? 166 00:06:43,740 --> 00:06:44,740 How do they know that? 167 00:06:46,590 --> 00:06:48,329 And in order to understand that, 168 00:06:49,830 --> 00:06:52,229 just imagine you come back home, switch 169 00:06:52,230 --> 00:06:54,089 on your television, and that is what you 170 00:06:54,090 --> 00:06:55,049 see. 171 00:06:55,050 --> 00:06:56,789 Actually, I have to explain this. 172 00:06:56,790 --> 00:06:58,979 This talk was held last time in India. 173 00:06:58,980 --> 00:07:00,629 That's why this is still Bollywood. 174 00:07:03,260 --> 00:07:05,419 But what you're really seeing 175 00:07:05,420 --> 00:07:07,639 when you look at that is 176 00:07:07,640 --> 00:07:09,739 a Cookie Monster Cookie Monster 177 00:07:09,740 --> 00:07:10,740 because.
178 00:07:13,470 --> 00:07:15,989 Your TV is a browser, and in this 179 00:07:15,990 --> 00:07:18,419 specific use case, the red button's 180 00:07:18,420 --> 00:07:20,909 displayed like an HTML page 181 00:07:20,910 --> 00:07:23,099 overlapping the the the actual 182 00:07:23,100 --> 00:07:25,169 image, and it's 183 00:07:25,170 --> 00:07:26,159 mostly transparent. 184 00:07:26,160 --> 00:07:28,259 It only shows you a section like 185 00:07:28,260 --> 00:07:30,479 displayed in there: press the red 186 00:07:30,480 --> 00:07:32,069 button in order to see more. 187 00:07:34,570 --> 00:07:35,570 And 188 00:07:36,940 --> 00:07:38,799 the page is actually loaded by the 189 00:07:38,800 --> 00:07:40,779 television in the moment the person 190 00:07:40,780 --> 00:07:42,999 switches to that specific station. 191 00:07:43,000 --> 00:07:45,249 And that was like the big privacy 192 00:07:45,250 --> 00:07:47,139 issue with that because the television 193 00:07:47,140 --> 00:07:49,509 station is able to see when 194 00:07:49,510 --> 00:07:51,639 you are watching without 195 00:07:51,640 --> 00:07:53,559 you being able to opt out. 196 00:07:56,950 --> 00:07:59,199 In order to collect some data, 197 00:07:59,200 --> 00:08:02,109 I used a transparent proxy approach. 198 00:08:02,110 --> 00:08:04,359 I extracted the channel from 199 00:08:04,360 --> 00:08:07,149 the television and 200 00:08:07,150 --> 00:08:09,339 I was simply having some scripts 201 00:08:09,340 --> 00:08:11,589 that switched the channels 202 00:08:11,590 --> 00:08:12,579 over the network. 203 00:08:12,580 --> 00:08:14,679 You find some scripts doing that, and 204 00:08:14,680 --> 00:08:16,899 I adopted that for like sending 205 00:08:16,900 --> 00:08:18,549 keys from that channel list. 206 00:08:19,570 --> 00:08:22,299 And then I script for copying 207 00:08:22,300 --> 00:08:24,459 or saving the proxy log per 208 00:08:24,460 --> 00:08:25,869 station.
209 00:08:25,870 --> 00:08:28,239 And what I got is it's a data basis 210 00:08:28,240 --> 00:08:30,939 with a lot of URLs that are already 211 00:08:30,940 --> 00:08:33,609 published on the Unite page. 212 00:08:33,610 --> 00:08:35,769 I will show you some 213 00:08:35,770 --> 00:08:36,770 links afterwards. 214 00:08:38,080 --> 00:08:40,239 And this is the basis for 215 00:08:40,240 --> 00:08:42,459 first investigation. 216 00:08:42,460 --> 00:08:44,949 What you see here is the total number 217 00:08:44,950 --> 00:08:47,139 of channels that are not 218 00:08:47,140 --> 00:08:48,279 radio stations. 219 00:08:48,280 --> 00:08:50,499 There's TV HD channels 220 00:08:50,500 --> 00:08:52,809 and about 100 19 221 00:08:52,810 --> 00:08:55,059 of them already have an 222 00:08:55,060 --> 00:08:57,339 HbbTV signal in there. 223 00:08:57,340 --> 00:08:59,409 So but that boils down 224 00:08:59,410 --> 00:09:02,139 to only about 40 different hosts 225 00:09:02,140 --> 00:09:04,809 and maybe about 15 entertainment 226 00:09:04,810 --> 00:09:07,329 providers from Austria, Germany, 227 00:09:07,330 --> 00:09:08,829 Switzerland and Poland. 228 00:09:10,480 --> 00:09:12,219 Entertainment providers a word that I 229 00:09:12,220 --> 00:09:14,679 have to explain. Maybe it's 230 00:09:14,680 --> 00:09:17,139 different from a station that offers 231 00:09:17,140 --> 00:09:19,899 content which is stream like TV. 232 00:09:19,900 --> 00:09:22,389 An entertainment provider is 233 00:09:22,390 --> 00:09:24,909 an institution that delivers online 234 00:09:24,910 --> 00:09:27,489 content via HbbTV, 235 00:09:27,490 --> 00:09:29,499 and in the end, you will see it's like 236 00:09:29,500 --> 00:09:31,629 every network like 237 00:09:32,830 --> 00:09:35,169 ProSiebenSat.1 is an entertainment 238 00:09:35,170 --> 00:09:37,749 provider, and there's some that 239 00:09:37,750 --> 00:09:39,789 to all the local TV stations.
240 00:09:39,790 --> 00:09:41,499 You will see that in the URL list. 241 00:09:41,500 --> 00:09:42,759 If you're interested in that. 242 00:09:46,960 --> 00:09:49,059 And what you see as well 243 00:09:49,060 --> 00:09:51,489 is that some of the 244 00:09:51,490 --> 00:09:53,949 entertainment providers or channels 245 00:09:53,950 --> 00:09:56,479 are using ad servers. 246 00:09:56,480 --> 00:09:58,389 OpenX seems to be very popular for 247 00:09:58,390 --> 00:10:00,519 that. It's I found that 248 00:10:00,520 --> 00:10:02,879 in two different stations and 249 00:10:02,880 --> 00:10:03,880 Onyx 250 00:10:04,990 --> 00:10:06,489 used that. 251 00:10:06,490 --> 00:10:08,829 I don't know if you watch and it's 252 00:10:08,830 --> 00:10:11,259 I don't like it, but I 253 00:10:11,260 --> 00:10:14,439 caught them in the act of displaying 254 00:10:14,440 --> 00:10:16,899 the banner as a kind of frame 255 00:10:16,900 --> 00:10:19,539 to the image which got resized 256 00:10:19,540 --> 00:10:21,849 in order to fit in that frame. 257 00:10:21,850 --> 00:10:24,519 Since they don't have restrictive 258 00:10:24,520 --> 00:10:26,739 directory settings, I was able to 259 00:10:26,740 --> 00:10:28,899 see that they already started with that 260 00:10:28,900 --> 00:10:31,599 in October 2011, 261 00:10:31,600 --> 00:10:33,069 which is pretty early in this area 262 00:10:33,070 --> 00:10:35,259 because almost no device by that 263 00:10:35,260 --> 00:10:37,359 time was capable of displaying 264 00:10:37,360 --> 00:10:39,759 HbbTV content. 265 00:10:39,760 --> 00:10:42,100 Also, RTL 2 uses that for 266 00:10:43,510 --> 00:10:45,909 showing banners in their portal page, 267 00:10:45,910 --> 00:10:48,069 so a little more friendly than 268 00:10:48,070 --> 00:10:49,959 the OnLeaks approach.
269 00:10:49,960 --> 00:10:51,939 And of course, they use GeoIP in order to 270 00:10:51,940 --> 00:10:55,029 find out where you live and what 271 00:10:55,030 --> 00:10:57,159 the right banner for you 272 00:10:57,160 --> 00:10:58,160 should display. 273 00:11:00,530 --> 00:11:02,449 There's also a lot of use of third party 274 00:11:02,450 --> 00:11:04,579 tracking tools like Google Analytics, 275 00:11:04,580 --> 00:11:06,889 it's almost implemented in 22 276 00:11:06,890 --> 00:11:08,389 different channels. 277 00:11:08,390 --> 00:11:11,029 Among these are like very 278 00:11:11,030 --> 00:11:13,189 large companies 279 00:11:13,190 --> 00:11:15,559 like almost every channel 280 00:11:15,560 --> 00:11:18,139 that the ProSiebenSat.1 Media AG 281 00:11:18,140 --> 00:11:19,639 is publishing. 282 00:11:20,870 --> 00:11:22,969 There's other tracking services used 283 00:11:22,970 --> 00:11:24,119 with four channels. 284 00:11:24,120 --> 00:11:26,209 It's each liquor and 285 00:11:26,210 --> 00:11:28,789 gaming use for Poland, and 286 00:11:29,840 --> 00:11:32,359 seven channels are using cookies 287 00:11:32,360 --> 00:11:34,669 where, whereas it's not clear yet 288 00:11:34,670 --> 00:11:36,739 if the ID within that, 289 00:11:36,740 --> 00:11:39,349 these cookies are changing. 290 00:11:39,350 --> 00:11:41,419 I tried to find out, but didn't 291 00:11:41,420 --> 00:11:43,009 have so much time for that yet. 292 00:11:45,320 --> 00:11:47,569 So the legal aspects of that, since 293 00:11:47,570 --> 00:11:49,729 I'm not a lawyer, I won't focus on 294 00:11:49,730 --> 00:11:50,809 that very much.
295 00:11:50,810 --> 00:11:52,649 They said in Germany, at least, there's 296 00:11:52,650 --> 00:11:54,769 the Telemediengesetz, and 297 00:11:54,770 --> 00:11:56,869 paragraph 15 talks 298 00:11:56,870 --> 00:11:59,869 about the collection of usage data 299 00:11:59,870 --> 00:12:02,119 and the tone tracking could 300 00:12:02,120 --> 00:12:04,369 be considered illegal. 301 00:12:04,370 --> 00:12:06,499 As I was mentioning earlier, 302 00:12:06,500 --> 00:12:08,539 there's very few parts of the 303 00:12:08,540 --> 00:12:10,759 applications that allow you to opt out 304 00:12:10,760 --> 00:12:12,499 from data collection. 305 00:12:12,500 --> 00:12:14,659 The idea is that the to 306 00:12:14,660 --> 00:12:15,660 offer that. 307 00:12:19,280 --> 00:12:21,559 So what we learn from this is that not 308 00:12:21,560 --> 00:12:24,139 only Big Brother is watching you. 309 00:12:24,140 --> 00:12:25,999 You should be well aware that there's a 310 00:12:26,000 --> 00:12:27,949 lot of private companies collecting data 311 00:12:27,950 --> 00:12:30,019 about your TV watching. 312 00:12:33,730 --> 00:12:34,730 Right. 313 00:12:37,080 --> 00:12:39,479 So if you look at that from a security 314 00:12:39,480 --> 00:12:41,849 perspective, there's 315 00:12:41,850 --> 00:12:44,099 a few points where 316 00:12:44,100 --> 00:12:46,349 we see easy ways to 317 00:12:46,350 --> 00:12:48,689 manipulate or more or less easy 318 00:12:48,690 --> 00:12:50,999 ways to manipulate the information 319 00:12:51,000 --> 00:12:53,429 being transmitted from the TV station 320 00:12:53,430 --> 00:12:54,430 to the TV. 321 00:12:55,620 --> 00:12:58,049 First, there is 322 00:12:58,050 --> 00:13:00,179 a possibility of attacking the playout 323 00:13:00,180 --> 00:13:02,369 system, like 324 00:13:02,370 --> 00:13:04,499 the the media house, doing the 325 00:13:04,500 --> 00:13:06,419 production and airing that to the 326 00:13:06,420 --> 00:13:07,470 distribution channel.
327 00:13:08,760 --> 00:13:10,079 How likely is this? 328 00:13:10,080 --> 00:13:12,779 Depending very much on the 329 00:13:12,780 --> 00:13:14,909 depending media station 330 00:13:14,910 --> 00:13:15,910 or media house, 331 00:13:17,580 --> 00:13:19,829 but from what you see later 332 00:13:19,830 --> 00:13:21,989 in the talk, some of these media 333 00:13:21,990 --> 00:13:23,879 houses do not have a good understanding 334 00:13:23,880 --> 00:13:26,309 of of security, and maybe 335 00:13:26,310 --> 00:13:28,109 this is feasible in some cases. 336 00:13:29,910 --> 00:13:32,549 The impact level would be very high to 337 00:13:32,550 --> 00:13:33,550 to inject 338 00:13:34,860 --> 00:13:36,809 different information at the very source 339 00:13:36,810 --> 00:13:38,130 of this information so 340 00:13:39,310 --> 00:13:41,849 that attacking satellites 341 00:13:41,850 --> 00:13:44,069 or DVB-T or C could 342 00:13:44,070 --> 00:13:46,589 also be an opportunity to inject 343 00:13:46,590 --> 00:13:47,969 information. 344 00:13:47,970 --> 00:13:49,529 I'm not really aware about the 345 00:13:49,530 --> 00:13:50,530 probability 346 00:13:52,110 --> 00:13:54,239 that someone could get into a satellite 347 00:13:54,240 --> 00:13:56,339 system and replacing the DVB 348 00:13:56,340 --> 00:13:58,529 content on there, but 349 00:13:59,940 --> 00:14:02,209 maybe it's different for DVB-T or 350 00:14:02,210 --> 00:14:03,210 DVB-C. 351 00:14:05,340 --> 00:14:07,769 the impact level of this varies depending 352 00:14:07,770 --> 00:14:09,519 on the range that this technology 353 00:14:09,520 --> 00:14:10,520 serving?
354 00:14:12,600 --> 00:14:14,909 But how about this satellite of hacking, 355 00:14:14,910 --> 00:14:16,979 you should ask Travis Goodspeed 356 00:14:16,980 --> 00:14:18,870 if he has some ideas with that 357 00:14:19,980 --> 00:14:22,199 water, no watering hole attacks 358 00:14:22,200 --> 00:14:24,509 like the web server at this 359 00:14:24,510 --> 00:14:27,239 at this TV station site. 360 00:14:27,240 --> 00:14:29,489 If you get there and 361 00:14:29,490 --> 00:14:31,979 are able to inject 362 00:14:31,980 --> 00:14:34,079 information there, the impact is 363 00:14:34,080 --> 00:14:36,389 also very high since this is the only 364 00:14:36,390 --> 00:14:38,969 source of information that is requested 365 00:14:38,970 --> 00:14:40,259 from the TVs. 366 00:14:40,260 --> 00:14:42,479 No matter of the off 367 00:14:42,480 --> 00:14:44,549 the distribution channel. 368 00:14:44,550 --> 00:14:47,009 So there's a very old configuration 369 00:14:47,010 --> 00:14:49,079 on one of the servers within that list. 370 00:14:50,940 --> 00:14:53,369 I checked back yesterday. 371 00:14:53,370 --> 00:14:54,509 They still didn't fix it. 372 00:14:54,510 --> 00:14:56,639 Maybe I should start telling people 373 00:14:56,640 --> 00:14:57,640 about that. 374 00:14:58,560 --> 00:15:00,539 I don't know if you're aware of the 375 00:15:00,540 --> 00:15:02,189 versions of very old. 376 00:15:02,190 --> 00:15:04,709 It's up for one 377 00:15:04,710 --> 00:15:05,710 two. 378 00:15:06,600 --> 00:15:08,729 I don't know how likely it is 379 00:15:08,730 --> 00:15:10,859 to get in there, but you could give it 380 00:15:10,860 --> 00:15:11,860 a try. Maybe 381 00:15:13,470 --> 00:15:15,669 attacks on DNS are also happening. 382 00:15:18,000 --> 00:15:20,279 I put my GIMP skills 383 00:15:20,280 --> 00:15:23,099 were like at the limit here. 384 00:15:23,100 --> 00:15:25,019 This is, of course, an authentic NSA 385 00:15:25,020 --> 00:15:26,789 slide. DNS spoofing
386 00:15:26,790 --> 00:15:28,529 or cache poisoning is a very common 387 00:15:28,530 --> 00:15:29,530 attack. 388 00:15:29,970 --> 00:15:32,069 The traffic is diverted to 389 00:15:32,070 --> 00:15:34,799 deliberately to a wrong 390 00:15:34,800 --> 00:15:37,289 server by resolving 391 00:15:37,290 --> 00:15:39,379 the name incorrectly. 392 00:15:42,820 --> 00:15:45,189 And in the end, it's about injecting 393 00:15:45,190 --> 00:15:47,289 own content, right, as 394 00:15:47,290 --> 00:15:49,479 this is not used in a lot of cases, so 395 00:15:49,480 --> 00:15:51,669 man in the middle, it's very possible or 396 00:15:51,670 --> 00:15:53,769 by any other means of the of the 397 00:15:53,770 --> 00:15:55,059 ones I introduced. 398 00:15:55,060 --> 00:15:57,939 Yet now it's possible to inject 399 00:15:57,940 --> 00:16:00,309 own content, and this sometimes could be 400 00:16:00,310 --> 00:16:01,310 very hard. 401 00:16:03,270 --> 00:16:05,489 So let's put ourselves into the situation 402 00:16:05,490 --> 00:16:07,829 of a really evil person, 403 00:16:07,830 --> 00:16:10,139 as we all know, Dr. Evil wants 404 00:16:10,140 --> 00:16:11,220 to destroy the world. 405 00:16:12,750 --> 00:16:14,849 And how does he destroy the 406 00:16:14,850 --> 00:16:16,169 world best? 407 00:16:16,170 --> 00:16:17,170 Anyone? 408 00:16:18,050 --> 00:16:19,819 He uses HbbTV. 409 00:16:19,820 --> 00:16:20,820 Sure. 410 00:16:21,950 --> 00:16:23,659 So how would he do that in detail? 411 00:16:25,700 --> 00:16:27,229 Hackers could, for example, inject their 412 00:16:27,230 --> 00:16:29,899 favorite movie clips, right? 413 00:16:29,900 --> 00:16:32,059 These facial expressions remind me of the 414 00:16:32,060 --> 00:16:34,189 responsibilities of two girls, one cup 415 00:16:34,190 --> 00:16:35,899 of every. If anyone knows that, 416 00:16:37,040 --> 00:16:38,809 I'm just suggesting stuff you could 417 00:16:38,810 --> 00:16:39,810 display there.
418 00:16:42,020 --> 00:16:43,979 There's a new a brand new tracking 419 00:16:43,980 --> 00:16:45,419 project, which is called the spoof 420 00:16:45,420 --> 00:16:47,599 ticker, and the spoof ticker is 421 00:16:47,600 --> 00:16:49,759 crafted to overlay the news 422 00:16:49,760 --> 00:16:52,519 tickers of German TV stations 423 00:16:52,520 --> 00:16:54,799 with snippets of 424 00:16:54,800 --> 00:16:55,800 Der Postillon. 425 00:17:03,480 --> 00:17:05,338 Stefan Sichermann gave permission for 426 00:17:05,339 --> 00:17:07,409 this, and I have to say 427 00:17:07,410 --> 00:17:09,358 it while testing that sometimes it's 428 00:17:09,359 --> 00:17:10,919 really hard to tell the difference 429 00:17:10,920 --> 00:17:12,329 between original. 430 00:17:17,780 --> 00:17:19,789 You see the spoof ticker in action. 431 00:17:21,800 --> 00:17:24,318 Yeah. I don't have to read that to you. 432 00:17:24,319 --> 00:17:26,989 I'm actually looking for English 433 00:17:26,990 --> 00:17:29,119 language, can news like that? 434 00:17:29,120 --> 00:17:31,129 And I think The Onion does have something 435 00:17:31,130 --> 00:17:33,679 like that. But if you have ideas, 436 00:17:33,680 --> 00:17:35,899 I will show you how to give these 437 00:17:35,900 --> 00:17:36,900 ideas to me. 438 00:17:39,300 --> 00:17:41,459 Sure. Since the browser 439 00:17:41,460 --> 00:17:43,619 of the TV has a full blown JavaScript 440 00:17:43,620 --> 00:17:46,049 engine built in, sometimes 441 00:17:46,050 --> 00:17:47,759 they just use WebKit or other 442 00:17:47,760 --> 00:17:50,369 open-source implementations 443 00:17:50,370 --> 00:17:52,469 of browsers, and of 444 00:17:52,470 --> 00:17:54,689 course, your television could become 445 00:17:54,690 --> 00:17:55,739 part of a botnet.
446 00:17:58,680 --> 00:18:00,899 Very much, depending on the herder of 447 00:18:00,900 --> 00:18:01,900 that botnet, 448 00:18:02,970 --> 00:18:05,209 your television could be used to 449 00:18:05,210 --> 00:18:07,469 to do network scans, maybe 450 00:18:07,470 --> 00:18:09,689 in your home network, time based, 451 00:18:09,690 --> 00:18:11,069 you know how that works. There's a very 452 00:18:11,070 --> 00:18:13,679 good page on this, it's called 453 00:18:13,680 --> 00:18:14,680 andlabs.org. 454 00:18:15,060 --> 00:18:16,409 They show how to do that. 455 00:18:16,410 --> 00:18:18,599 Time based scans with HTML 456 00:18:18,600 --> 00:18:21,089 means or JavaScript means 457 00:18:21,090 --> 00:18:23,639 bitcoin mining could be a possibility, 458 00:18:23,640 --> 00:18:25,619 even though televisions are not really 459 00:18:25,620 --> 00:18:27,959 performant. They have JavaScript 460 00:18:27,960 --> 00:18:29,759 built in. But to the other hand, there is 461 00:18:29,760 --> 00:18:31,889 not really an implementation for bitcoin 462 00:18:31,890 --> 00:18:34,049 mining that purely based 463 00:18:34,050 --> 00:18:35,609 on JavaScript. 464 00:18:35,610 --> 00:18:38,219 But what's very possible is like 465 00:18:38,220 --> 00:18:40,499 MD5 hash cracking or password 466 00:18:40,500 --> 00:18:42,629 hash cracking or 467 00:18:42,630 --> 00:18:44,849 DDoS attacks or any other 468 00:18:44,850 --> 00:18:46,619 attack that you could think of in 469 00:18:46,620 --> 00:18:49,019 conjunction with JavaScript, right? 470 00:18:49,020 --> 00:18:50,699 And you could generate new TV 471 00:18:50,700 --> 00:18:52,109 performance.
472 00:18:52,110 --> 00:18:54,239 Just say like whenever there's 473 00:18:54,240 --> 00:18:56,459 a certain TV show on 474 00:18:56,460 --> 00:18:58,619 within that moment, all 475 00:18:58,620 --> 00:19:01,019 the televisions are part of a DDoS attack 476 00:19:01,020 --> 00:19:03,149 and request a certain 477 00:19:03,150 --> 00:19:04,150 server. 478 00:19:05,770 --> 00:19:08,159 How about this music 479 00:19:08,160 --> 00:19:10,389 music, Duncan started attacks, resistance 480 00:19:10,390 --> 00:19:11,349 is futile. 481 00:19:11,350 --> 00:19:14,169 Just imagine every time this airs, 482 00:19:14,170 --> 00:19:16,359 every TV watching it, and it's a lot 483 00:19:16,360 --> 00:19:19,359 of them connects to the public 484 00:19:19,360 --> 00:19:20,409 stations, right? 485 00:19:20,410 --> 00:19:22,569 In order to to 486 00:19:22,570 --> 00:19:24,129 demonstrate against this kind of 487 00:19:24,130 --> 00:19:25,130 programming. 488 00:19:29,230 --> 00:19:30,759 So what are the countermeasures? 489 00:19:30,760 --> 00:19:32,559 What could you do in order to protect 490 00:19:32,560 --> 00:19:34,989 yourself from from being spied 491 00:19:34,990 --> 00:19:37,209 on, from being part of an evil 492 00:19:37,210 --> 00:19:39,759 attack to somebody else? 493 00:19:39,760 --> 00:19:41,949 You could, of course, build a fortress, 494 00:19:41,950 --> 00:19:43,749 a couch fortress, and it's supposed to be 495 00:19:43,750 --> 00:19:45,819 very funny, as you could see 496 00:19:45,820 --> 00:19:48,490 probably the little guy smiling. 497 00:19:49,930 --> 00:19:52,629 But is that an effective countermeasure? 498 00:19:52,630 --> 00:19:53,679 I don't think so. 499 00:19:55,150 --> 00:19:57,519 You could disconnect your smart TV, like 500 00:19:57,520 --> 00:19:59,709 many others did already.
501 00:19:59,710 --> 00:20:02,499 There's a very recent research 502 00:20:02,500 --> 00:20:04,659 showing that almost half of the 503 00:20:04,660 --> 00:20:06,819 owners of a smart TV do 504 00:20:06,820 --> 00:20:09,009 not even connect it to the internet. 505 00:20:09,010 --> 00:20:10,510 Probably they knew already 506 00:20:12,490 --> 00:20:14,409 you could use a proxy, a firewall, and 507 00:20:14,410 --> 00:20:17,019 there's a lot of projects 508 00:20:17,020 --> 00:20:19,209 based on the Raspberry Pi. 509 00:20:19,210 --> 00:20:21,159 But in the end, it's just one more device 510 00:20:21,160 --> 00:20:22,719 in your living room, and you have a high 511 00:20:22,720 --> 00:20:25,569 effort of maintaining blacklists 512 00:20:25,570 --> 00:20:27,669 of which channel should get through 513 00:20:27,670 --> 00:20:29,499 and otherwise 514 00:20:30,970 --> 00:20:33,069 easier for that, you could use a 515 00:20:33,070 --> 00:20:35,319 DNS approach to block or 516 00:20:35,320 --> 00:20:36,609 allow certain hosts. 517 00:20:40,150 --> 00:20:41,769 But the same problems appear here. 518 00:20:41,770 --> 00:20:44,170 You have to maintain these lists again. 519 00:20:48,960 --> 00:20:51,029 And here's the solution. 520 00:20:51,030 --> 00:20:53,309 It's called HAL, the 521 00:20:53,310 --> 00:20:55,439 HbbTV access limiter, and 522 00:20:55,440 --> 00:20:57,629 it's there to serve and protect smart 523 00:20:57,630 --> 00:20:59,099 TVs and your privacy. 524 00:21:01,440 --> 00:21:03,779 How HAL works: it's a virtual 525 00:21:03,780 --> 00:21:05,579 server based in Germany, 526 00:21:06,960 --> 00:21:09,390 and it implements a DNS server which 527 00:21:10,680 --> 00:21:12,809 spoofs every address, 528 00:21:12,810 --> 00:21:15,119 but not the ones on a whitelist.
529 00:21:15,120 --> 00:21:17,129 And it's spoofing all the name 530 00:21:17,130 --> 00:21:19,439 resolutions with the IP address of 531 00:21:19,440 --> 00:21:22,169 the server itself, which then serves 532 00:21:22,170 --> 00:21:24,299 some fake content which 533 00:21:24,300 --> 00:21:26,879 prevents the television from 534 00:21:26,880 --> 00:21:29,279 getting a timeout or contacting 535 00:21:29,280 --> 00:21:31,079 the original server, which might do some 536 00:21:31,080 --> 00:21:32,849 statistics on your behavior. 537 00:21:36,280 --> 00:21:38,409 It's in the very early stages, though, 538 00:21:38,410 --> 00:21:40,539 HAL just started, 539 00:21:40,540 --> 00:21:41,540 and it's. 540 00:21:43,060 --> 00:21:45,279 It's planned that there's at least 541 00:21:45,280 --> 00:21:47,440 four stages that are 542 00:21:48,550 --> 00:21:50,800 repeated iteratively. 543 00:21:52,180 --> 00:21:54,009 The first stage is collecting data. 544 00:21:54,010 --> 00:21:56,139 It's currently happening, and 545 00:21:56,140 --> 00:21:58,429 it's collecting data about the HbbTV 546 00:21:58,430 --> 00:22:00,669 application, 547 00:22:00,670 --> 00:22:02,589 data on the different entertainment 548 00:22:02,590 --> 00:22:04,839 provider sites and about smart 549 00:22:04,840 --> 00:22:06,489 TV data. 550 00:22:06,490 --> 00:22:09,369 Stage two would be data analysis 551 00:22:09,370 --> 00:22:11,559 definition of criteria for HbbTV 552 00:22:11,560 --> 00:22:13,629 apps just to find out which 553 00:22:13,630 --> 00:22:16,479 ones should get on the white list and 554 00:22:16,480 --> 00:22:18,639 to the other hand, which ones should be 555 00:22:18,640 --> 00:22:19,640 blocked. 556 00:22:20,830 --> 00:22:23,559 And there's also like semi-automatic 557 00:22:23,560 --> 00:22:25,989 HbbTV app auditing. 558 00:22:25,990 --> 00:22:28,629 I will explain that later how that works.
559 00:22:28,630 --> 00:22:31,359 And finally, there should be a white list 560 00:22:31,360 --> 00:22:33,699 which is productive. 561 00:22:33,700 --> 00:22:35,499 You know, there should be that the server 562 00:22:35,500 --> 00:22:37,699 there, you shouldn't really think about 563 00:22:37,700 --> 00:22:39,220 much and just use it. 564 00:22:41,600 --> 00:22:44,149 Which units does HAL comprise 565 00:22:44,150 --> 00:22:46,249 of? There's this data collection 566 00:22:46,250 --> 00:22:48,229 unit, and what you see here is the fake 567 00:22:48,230 --> 00:22:49,849 red button. 568 00:22:49,850 --> 00:22:52,099 And when you see that your 569 00:22:52,100 --> 00:22:53,899 television already sends this 570 00:22:53,900 --> 00:22:56,059 information, which is displayed here, 571 00:22:56,060 --> 00:22:57,199 it's a station name. 572 00:22:57,200 --> 00:22:59,269 It's a very unique DVB 573 00:22:59,270 --> 00:23:01,579 triplets because the station name 574 00:23:01,580 --> 00:23:04,309 is not even very 575 00:23:04,310 --> 00:23:06,439 unique. There's 3sat, 3sat 576 00:23:06,440 --> 00:23:08,929 HD like in this example, 577 00:23:08,930 --> 00:23:10,699 sometimes they don't differentiate in the 578 00:23:10,700 --> 00:23:12,849 name, but for sure in the DVB 579 00:23:12,850 --> 00:23:13,850 triplets. 580 00:23:14,720 --> 00:23:16,789 Then I send the 581 00:23:16,790 --> 00:23:18,919 TV manufacturer and the red 582 00:23:18,920 --> 00:23:21,019 button the URL, which is accessed 583 00:23:21,020 --> 00:23:22,699 or should have been accessed. 584 00:23:24,810 --> 00:23:27,059 And this is a smart TV 585 00:23:27,060 --> 00:23:28,899 auditing unit.
586 00:23:28,900 --> 00:23:31,019 And what you see is like every 587 00:23:31,020 --> 00:23:33,149 little square there is stands for 588 00:23:33,150 --> 00:23:35,339 a test which 589 00:23:35,340 --> 00:23:36,359 checks on 590 00:23:39,240 --> 00:23:41,579 HTML5 objects like WebSockets, 591 00:23:41,580 --> 00:23:43,859 web searches, app cache, session storage, 592 00:23:43,860 --> 00:23:45,419 local storage, WebSQL. 593 00:23:45,420 --> 00:23:47,619 All the things that got introduced with 594 00:23:47,620 --> 00:23:49,829 HTML5 and might be interesting from 595 00:23:49,830 --> 00:23:51,509 a security perspective. 596 00:23:51,510 --> 00:23:53,219 And to the other hand, there's a lot of 597 00:23:53,220 --> 00:23:55,739 objects that are specified 598 00:23:55,740 --> 00:23:58,079 in the OIPF standard, 599 00:23:58,080 --> 00:24:00,359 but are rarely implemented in current 600 00:24:00,360 --> 00:24:02,849 versions of the TV browsers. 601 00:24:02,850 --> 00:24:04,979 For example, application manager, which 602 00:24:04,980 --> 00:24:06,899 is always implemented VIDEO broadcast for 603 00:24:06,900 --> 00:24:08,369 sure. But things like 604 00:24:10,140 --> 00:24:12,839 internet messaging service, for example, 605 00:24:12,840 --> 00:24:14,969 could generate a lot of surface, which is 606 00:24:14,970 --> 00:24:15,970 interesting. 607 00:24:17,740 --> 00:24:20,109 And, of course, it tries to find 608 00:24:20,110 --> 00:24:22,369 places where personal 609 00:24:22,370 --> 00:24:24,609 data could reside 610 00:24:24,610 --> 00:24:26,529 in the browser and tries to find out 611 00:24:26,530 --> 00:24:28,539 about things like that. 612 00:24:29,920 --> 00:24:32,439 And there's an HbbTV app auditing 613 00:24:32,440 --> 00:24:34,539 unit, and it's currently based 614 00:24:34,540 --> 00:24:36,699 on HTTrack, 615 00:24:36,700 --> 00:24:38,769 the HTTrack Website Copier.
616 00:24:38,770 --> 00:24:40,899 I'm pretty sure some of you 617 00:24:40,900 --> 00:24:43,629 know that which downloads 618 00:24:43,630 --> 00:24:45,519 the whole page and does also some 619 00:24:45,520 --> 00:24:47,589 JavaScript in order to get 620 00:24:47,590 --> 00:24:49,329 more content. 621 00:24:49,330 --> 00:24:51,549 It's very basic, and it allows 622 00:24:51,550 --> 00:24:53,949 static code analysis, so you could tell 623 00:24:53,950 --> 00:24:56,079 whether IP addresses are 624 00:24:56,080 --> 00:24:58,149 accessed. You could tell whether 625 00:24:58,150 --> 00:25:00,369 certain objects are called from 626 00:25:00,370 --> 00:25:02,589 the HbbTV application, 627 00:25:03,610 --> 00:25:04,809 but there's a lot of room for 628 00:25:04,810 --> 00:25:05,810 improvement. 629 00:25:07,860 --> 00:25:09,689 The goal is to have a DNS server for 630 00:25:09,690 --> 00:25:11,849 smart TVs that only 631 00:25:11,850 --> 00:25:13,949 lets clean servers and endpoints through 632 00:25:13,950 --> 00:25:16,079 to the television and 633 00:25:16,080 --> 00:25:18,659 to collect security-relevant information 634 00:25:18,660 --> 00:25:20,729 about smart TVs without 635 00:25:20,730 --> 00:25:22,409 having to buy all of them. 636 00:25:22,410 --> 00:25:24,150 Sure, it's an expensive thing. 637 00:25:25,710 --> 00:25:27,809 And to the other hand, there should be 638 00:25:27,810 --> 00:25:30,329 a list that lists all kinds of HbbTV 639 00:25:30,330 --> 00:25:32,489 services worldwide, 640 00:25:32,490 --> 00:25:34,709 which one person in one 641 00:25:34,710 --> 00:25:36,599 country could not achieve 642 00:25:37,740 --> 00:25:38,880 by him or herself.
643 00:25:41,550 --> 00:25:43,379 I'm sure you want to know how to use 644 00:25:43,380 --> 00:25:45,719 that, and you just type the 645 00:25:45,720 --> 00:25:47,819 following IP address as the 646 00:25:47,820 --> 00:25:50,009 DNS server of your smart TV and 647 00:25:50,010 --> 00:25:51,929 everything else should happen. 648 00:25:53,730 --> 00:25:56,189 Also spoofed ticker will show up. 649 00:25:56,190 --> 00:25:57,989 If you do that and switch to the right 650 00:25:57,990 --> 00:26:00,119 channel, that's how you can try that 651 00:26:00,120 --> 00:26:01,120 out yourself. 652 00:26:03,190 --> 00:26:05,319 There's an upcoming cooperation 653 00:26:05,320 --> 00:26:06,459 with the Community 654 00:26:07,840 --> 00:26:09,809 Television Service in Salzburg. 655 00:26:12,190 --> 00:26:14,409 I don't know if you know about community 656 00:26:14,410 --> 00:26:17,319 TV show things stations like that. 657 00:26:17,320 --> 00:26:19,869 They have a funding 658 00:26:19,870 --> 00:26:22,119 member base and it's supposed 659 00:26:22,120 --> 00:26:23,349 to be a very 660 00:26:25,120 --> 00:26:27,729 new approach to user generated content 661 00:26:27,730 --> 00:26:28,989 on TV. 662 00:26:30,010 --> 00:26:32,079 And they're really interested in 663 00:26:32,080 --> 00:26:34,359 having things like the spoof ticker in 664 00:26:34,360 --> 00:26:36,969 their show, in their program. 665 00:26:36,970 --> 00:26:39,519 And that's why I think there might be 666 00:26:39,520 --> 00:26:41,709 some upcoming cooperation soon 667 00:26:41,710 --> 00:26:42,710 next year. 668 00:26:44,550 --> 00:26:46,829 There is a device called 669 00:26:46,830 --> 00:26:47,729 OpenCaster. 670 00:26:47,730 --> 00:26:49,889 It allows you to 671 00:26:49,890 --> 00:26:52,099 play around with this.
672 00:26:52,100 --> 00:26:54,449 This DSM-CC object 673 00:26:54,450 --> 00:26:56,999 carousel, which is carrying 674 00:26:57,000 --> 00:26:58,979 the information I was talking about 675 00:26:58,980 --> 00:26:59,999 before. 676 00:27:00,000 --> 00:27:02,249 And there you could try out how 677 00:27:02,250 --> 00:27:04,499 your television reacts to certain inputs 678 00:27:04,500 --> 00:27:05,500 in these fields. 679 00:27:07,740 --> 00:27:10,679 There is the MIT-xperts 680 00:27:10,680 --> 00:27:12,809 HbbTV test suite. 681 00:27:12,810 --> 00:27:14,609 These guys did the ARD 682 00:27:14,610 --> 00:27:16,859 and ZDF HbbTV portal, 683 00:27:16,860 --> 00:27:18,719 and they have this open source test 684 00:27:18,720 --> 00:27:20,789 suite, which is really interesting if you 685 00:27:20,790 --> 00:27:22,529 are trying to look into that in more 686 00:27:22,530 --> 00:27:24,209 detail and trying to do your own 687 00:27:24,210 --> 00:27:26,699 applications, but especially 688 00:27:26,700 --> 00:27:28,919 for doing own applications, I found 689 00:27:28,920 --> 00:27:31,439 something that I didn't know before. 690 00:27:31,440 --> 00:27:32,729 It's been. 691 00:27:32,730 --> 00:27:34,829 It's a TV application 692 00:27:34,830 --> 00:27:37,019 layer, it's a BBC project, it's 693 00:27:37,020 --> 00:27:38,789 open source as well. 694 00:27:38,790 --> 00:27:40,979 And it's a framework that 695 00:27:40,980 --> 00:27:43,349 eases the development 696 00:27:43,350 --> 00:27:45,420 of HbbTV applications. 697 00:27:47,560 --> 00:27:49,689 And I'm faster 698 00:27:49,690 --> 00:27:50,759 than expected. 699 00:27:50,760 --> 00:27:51,760 Unfortunately, 700 00:27:53,040 --> 00:27:55,089 the slides I'd like to give credit to a 701 00:27:55,090 --> 00:27:57,219 lot of people that 702 00:27:57,220 --> 00:27:59,559 were directly or indirectly involved 703 00:27:59,560 --> 00:28:02,499 in the whole research process.
704 00:28:02,500 --> 00:28:04,599 Thank you, everybody who's on 705 00:28:04,600 --> 00:28:06,549 there and in this room. 706 00:28:21,610 --> 00:28:23,799 If there are questions, I have Mozartkugeln in 707 00:28:23,800 --> 00:28:24,879 exchange. 708 00:28:24,880 --> 00:28:25,880 Exactly. 709 00:28:27,160 --> 00:28:28,989 Uh, is there a question in? 710 00:28:28,990 --> 00:28:30,820 OK, there you go. 711 00:28:32,200 --> 00:28:34,359 Well, it's not so much a question as 712 00:28:34,360 --> 00:28:36,849 a general point of information 713 00:28:36,850 --> 00:28:39,909 is that, uh, the ability to see 714 00:28:39,910 --> 00:28:41,739 changing channels of use changing 715 00:28:41,740 --> 00:28:44,109 channels in real time is not unique 716 00:28:44,110 --> 00:28:45,509 to HbbTV. 717 00:28:45,510 --> 00:28:48,429 Uh, there's, uh, the down link on 718 00:28:48,430 --> 00:28:50,829 all IPTV and set top boxes, 719 00:28:50,830 --> 00:28:52,899 of course. And also, 720 00:28:52,900 --> 00:28:55,239 uh, I believe all modern cable 721 00:28:55,240 --> 00:28:56,979 set top boxes do this as well. 722 00:28:56,980 --> 00:28:59,199 So this is not unique to HbbTV, it's 723 00:28:59,200 --> 00:29:01,479 just it's just a way to trick it onto 724 00:29:01,480 --> 00:29:03,789 satellite and digital terrestrial 725 00:29:03,790 --> 00:29:04,929 as well. 726 00:29:04,930 --> 00:29:07,119 Also, I'm active in a well, 727 00:29:07,120 --> 00:29:08,709 I'll take that up with the later. 728 00:29:08,710 --> 00:29:10,030 Yeah, collect your most of all, 729 00:29:11,530 --> 00:29:12,849 thank you throughout the year. 730 00:29:16,990 --> 00:29:19,089 The IP address again. 731 00:29:22,190 --> 00:29:23,909 Say it again, please. 732 00:29:23,910 --> 00:29:26,149 Could you show this slide with the IP 733 00:29:26,150 --> 00:29:27,139 address again, please? 734 00:29:27,140 --> 00:29:28,490 Oh, sure. Good idea.
735 00:29:33,480 --> 00:29:35,639 And did you check if you can use 736 00:29:35,640 --> 00:29:36,339 a camera? 737 00:29:36,340 --> 00:29:37,499 Hey, wait. 738 00:29:37,500 --> 00:29:40,109 There was a question on microphone three. 739 00:29:40,110 --> 00:29:41,419 All right. 740 00:29:41,420 --> 00:29:42,709 Yeah, just a short question. 741 00:29:42,710 --> 00:29:44,779 I do not own a TV that could do that, 742 00:29:44,780 --> 00:29:47,719 but when you research that Hbb, 743 00:29:47,720 --> 00:29:50,119 HbbTV stuff, did you find actually 744 00:29:50,120 --> 00:29:52,309 anything useful that it was what 745 00:29:52,310 --> 00:29:54,109 it was used for? 746 00:29:54,110 --> 00:29:56,179 There's an add on for Firefox, 747 00:29:56,180 --> 00:29:58,489 which could be argued if it's useful 748 00:29:58,490 --> 00:30:00,829 or not. There's Opera does 749 00:30:00,830 --> 00:30:03,079 browsers for smart TVs as well, and they 750 00:30:03,080 --> 00:30:05,269 have a VM that you could run 751 00:30:05,270 --> 00:30:07,399 and try to to test 752 00:30:07,400 --> 00:30:09,769 your HbbTV applications. 753 00:30:09,770 --> 00:30:11,839 But I did not really 754 00:30:11,840 --> 00:30:13,969 succeed using these in in a probable 755 00:30:13,970 --> 00:30:14,479 way. 756 00:30:14,480 --> 00:30:16,729 I mean, if two stations broadcast any 757 00:30:16,730 --> 00:30:19,339 useful content using HbbTV, 758 00:30:19,340 --> 00:30:22,069 oh, that's a question of 759 00:30:22,070 --> 00:30:24,199 defending. You know of some 760 00:30:24,200 --> 00:30:25,799 like it, some don't. 761 00:30:25,800 --> 00:30:27,889 I did said the if has all 762 00:30:27,890 --> 00:30:30,289 the recordings of music and to startle, 763 00:30:30,290 --> 00:30:31,579 it's something to go for. 764 00:30:31,580 --> 00:30:32,580 I would say 765 00:30:33,980 --> 00:30:35,329 collecting most of all feeds 766 00:30:37,130 --> 00:30:38,149 back to one.
767 00:30:38,150 --> 00:30:40,309 So you go back to 768 00:30:40,310 --> 00:30:41,239 the question. 769 00:30:41,240 --> 00:30:44,269 I checked that a HTML5 770 00:30:44,270 --> 00:30:46,729 can also use a camera 771 00:30:46,730 --> 00:30:49,189 if it is supported and 772 00:30:49,190 --> 00:30:51,379 in your devices, 773 00:30:51,380 --> 00:30:53,329 the camera is always on. 774 00:30:53,330 --> 00:30:55,579 Could you check if you could 775 00:30:55,580 --> 00:30:57,679 use a camera in 776 00:30:57,680 --> 00:31:00,349 your, for example, Samsung TVs 777 00:31:00,350 --> 00:31:02,539 to to look what's happening in the in the 778 00:31:02,540 --> 00:31:03,890 user's living room? 779 00:31:05,060 --> 00:31:07,069 Of course, this is the first question if 780 00:31:07,070 --> 00:31:09,169 you have a device with the camera, and 781 00:31:09,170 --> 00:31:10,879 I was trying to do that. 782 00:31:10,880 --> 00:31:13,339 Actually, there's two kinds of 783 00:31:13,340 --> 00:31:14,719 application environments. 784 00:31:14,720 --> 00:31:17,419 There's usually the ones for the app 785 00:31:17,420 --> 00:31:19,489 like Skype and stuff, and 786 00:31:19,490 --> 00:31:21,619 there's the one, at least for Samsung. 787 00:31:21,620 --> 00:31:24,049 This is true that only 788 00:31:24,050 --> 00:31:26,209 lives in this TV 789 00:31:26,210 --> 00:31:27,949 world. And there the camera object is 790 00:31:27,950 --> 00:31:28,999 simply not available, 791 00:31:30,320 --> 00:31:32,989 but it's something maybe 792 00:31:32,990 --> 00:31:34,759 to try out. But to the other hand, this 793 00:31:34,760 --> 00:31:37,309 is not part of the HbbTV standard, 794 00:31:37,310 --> 00:31:39,559 and it's hard to do a standardized test 795 00:31:39,560 --> 00:31:40,560 for a camera. 796 00:31:41,660 --> 00:31:43,819 All right. But HTML5 797 00:31:43,820 --> 00:31:46,069 is not even implemented 798 00:31:46,070 --> 00:31:48,019 in all the television sets.
799 00:31:48,020 --> 00:31:50,239 Some of them do have already some 800 00:31:50,240 --> 00:31:52,609 features. Some of them simply don't. 801 00:31:52,610 --> 00:31:54,079 But I think this is to come. 802 00:31:55,100 --> 00:31:56,479 One, two months before 803 00:31:56,480 --> 00:31:57,580 you saw 804 00:31:58,910 --> 00:32:02,359 HTML5 is nothing like a standard 805 00:32:02,360 --> 00:32:04,819 set of features and within your devices, 806 00:32:04,820 --> 00:32:06,919 it might be that it could was 807 00:32:06,920 --> 00:32:09,439 out for annotation. 808 00:32:09,440 --> 00:32:11,569 If you're using your version of WebKit 809 00:32:11,570 --> 00:32:14,179 or whatever she was 810 00:32:14,180 --> 00:32:16,339 put simply on, it's true. 811 00:32:16,340 --> 00:32:18,499 Maybe this will be a test you want. 812 00:32:18,500 --> 00:32:20,119 And most of all, if I throw it, it's 813 00:32:20,120 --> 00:32:21,349 dangerous. They could kill. 814 00:32:22,970 --> 00:32:24,349 All right. 815 00:32:24,350 --> 00:32:26,149 Microphone to now. 816 00:32:26,150 --> 00:32:27,109 Can I ask a question? 817 00:32:27,110 --> 00:32:29,359 Another multiple Oh 818 00:32:29,360 --> 00:32:30,360 there. Yeah. OK. 819 00:32:31,370 --> 00:32:32,900 The frequency of the requests 820 00:32:34,610 --> 00:32:36,559 did. Do you record this as well? 821 00:32:36,560 --> 00:32:38,719 Because that's kind of privacy issue 822 00:32:38,720 --> 00:32:40,909 there too, because some, I believe, have 823 00:32:40,910 --> 00:32:43,579 a frequency of one second per 824 00:32:43,580 --> 00:32:45,739 page when you have a specific 825 00:32:45,740 --> 00:32:46,789 channel. 826 00:32:46,790 --> 00:32:48,709 So what what what is your question? 827 00:32:48,710 --> 00:32:50,869 Then what do you record 828 00:32:50,870 --> 00:32:51,870 with your suit? 829 00:32:52,610 --> 00:32:54,409 How often are Pages Reloaded?
830 00:32:54,410 --> 00:32:56,989 Because I believe some zip 831 00:32:56,990 --> 00:32:59,329 codes even records every 832 00:32:59,330 --> 00:33:00,409 second, 833 00:33:00,410 --> 00:33:02,089 an impulse 834 00:33:02,090 --> 00:33:05,239 they have a JavaScript method that pings 835 00:33:05,240 --> 00:33:07,189 all the time. It's called long polling or 836 00:33:07,190 --> 00:33:09,619 so, and they do repeated 837 00:33:09,620 --> 00:33:12,079 checks to see if the 838 00:33:12,080 --> 00:33:13,939 watcher is still watching. 839 00:33:13,940 --> 00:33:15,769 Yeah, but how do you record that? 840 00:33:15,770 --> 00:33:17,689 You could see that in the proxy log, 841 00:33:17,690 --> 00:33:19,879 but my proxy script switches 842 00:33:19,880 --> 00:33:22,129 after 10 seconds, so you won't see 843 00:33:22,130 --> 00:33:24,409 it. But maybe this is something you 844 00:33:24,410 --> 00:33:26,929 would also find in static analysis 845 00:33:26,930 --> 00:33:28,129 of the source code. 846 00:33:28,130 --> 00:33:29,130 Thank you. 847 00:33:29,550 --> 00:33:31,499 One of most all, no 848 00:33:33,300 --> 00:33:34,169 one. 849 00:33:34,170 --> 00:33:36,359 So it was just a short 850 00:33:36,360 --> 00:33:37,829 question. 851 00:33:37,830 --> 00:33:40,019 Are there any known 852 00:33:40,020 --> 00:33:41,640 attacks on the HbbTV 853 00:33:42,900 --> 00:33:45,509 that are yet to come public 854 00:33:45,510 --> 00:33:47,069 or something? 855 00:33:47,070 --> 00:33:49,139 Um, most of the things I was 856 00:33:49,140 --> 00:33:51,329 working with is out of the 857 00:33:51,330 --> 00:33:53,219 OIPF standards. 858 00:33:53,220 --> 00:33:55,529 It's the Open IPTV Forum 859 00:33:55,530 --> 00:33:58,079 and the standard got adopted 860 00:33:58,080 --> 00:34:00,509 by the by the standards, 861 00:34:00,510 --> 00:34:02,429 by the HbbTV standard.
862 00:34:02,430 --> 00:34:05,039 So it lists a lot of technical features 863 00:34:05,040 --> 00:34:07,319 and there's also the HbbTV standard, 864 00:34:07,320 --> 00:34:09,419 and I'm pretty sure you find some useful 865 00:34:09,420 --> 00:34:10,709 information there as well. 866 00:34:10,710 --> 00:34:11,710 OK. 867 00:34:13,310 --> 00:34:14,310 Most of all. 868 00:34:14,969 --> 00:34:15,939 Yes. 869 00:34:15,940 --> 00:34:16,940 Yeah. 870 00:34:22,530 --> 00:34:24,869 One question from the internet. 871 00:34:24,870 --> 00:34:27,149 Could you fake votes by by accessing 872 00:34:27,150 --> 00:34:29,339 those pages by your or your 873 00:34:29,340 --> 00:34:30,340 server? 874 00:34:32,610 --> 00:34:34,229 Could you what was the question from the 875 00:34:34,230 --> 00:34:35,218 internet? 876 00:34:35,219 --> 00:34:37,589 Could you fake votes 877 00:34:37,590 --> 00:34:39,689 for reality shows or whatever 878 00:34:39,690 --> 00:34:41,519 voting is done? 879 00:34:41,520 --> 00:34:43,109 Very good question. 880 00:34:43,110 --> 00:34:44,579 Actually, it's nuts. 881 00:34:44,580 --> 00:34:46,829 I haven't seen the voting feature 882 00:34:46,830 --> 00:34:49,289 implemented via HbbTV 883 00:34:49,290 --> 00:34:51,448 yet, but once it gets 884 00:34:51,449 --> 00:34:53,879 implemented, this is one of the most 885 00:34:53,880 --> 00:34:56,189 interesting things to do. 886 00:34:56,190 --> 00:34:58,649 I would say because at the moment on the 887 00:34:58,650 --> 00:35:00,779 PS used, you could do all kinds 888 00:35:00,780 --> 00:35:02,399 of tricks in order to get votes for your 889 00:35:02,400 --> 00:35:03,400 favorite candidate.
890 00:35:04,470 --> 00:35:06,839 I'm sure this is happening, 891 00:35:06,840 --> 00:35:08,969 but maybe by the time the voting gets 892 00:35:08,970 --> 00:35:11,429 implemented, maybe they have a user 893 00:35:11,430 --> 00:35:13,649 log logging structure, kind of maybe they 894 00:35:13,650 --> 00:35:15,899 find ways to prevent fraud on this 895 00:35:15,900 --> 00:35:17,550 and when they do that. 896 00:35:19,350 --> 00:35:20,350 Keeping. 897 00:35:24,020 --> 00:35:25,189 And there is a question. 898 00:35:26,240 --> 00:35:27,649 Thanks for your talk. 899 00:35:27,650 --> 00:35:29,989 You mentioned the case of the television 900 00:35:29,990 --> 00:35:30,990 manufacturer. 901 00:35:32,030 --> 00:35:33,559 Could you elaborate on that? 902 00:35:33,560 --> 00:35:35,719 Was the same set of data 903 00:35:35,720 --> 00:35:37,819 transferred to the manufacturer 904 00:35:37,820 --> 00:35:40,489 that is also transferred to the 905 00:35:40,490 --> 00:35:42,679 web TV providers and the television 906 00:35:42,680 --> 00:35:43,339 stations. 907 00:35:43,340 --> 00:35:45,289 Actually, you're talking about the LG 908 00:35:45,290 --> 00:35:46,519 incident. 909 00:35:46,520 --> 00:35:47,520 Yes. 910 00:35:47,930 --> 00:35:49,700 I don't believe it's been. 911 00:35:50,960 --> 00:35:53,659 It has to do with HbbTV. 912 00:35:53,660 --> 00:35:55,759 I think it's like every 913 00:35:55,760 --> 00:35:58,579 bigger company does market research. 914 00:35:58,580 --> 00:36:00,769 LG did market research, and I 915 00:36:00,770 --> 00:36:02,479 discovered within the proxy log also 916 00:36:02,480 --> 00:36:05,159 that Samsung, of course, calls home 917 00:36:05,160 --> 00:36:06,160 know most of all, 918 00:36:07,940 --> 00:36:10,009 but it's unclear which information is 919 00:36:10,010 --> 00:36:11,539 included in there. 920 00:36:11,540 --> 00:36:13,249 So it's usually encrypted.
921 00:36:13,250 --> 00:36:15,319 It's usually a call to IP address, 922 00:36:15,320 --> 00:36:17,389 which usually brings up a firmware 923 00:36:17,390 --> 00:36:19,189 update or something like that. 924 00:36:19,190 --> 00:36:20,479 What else is included? 925 00:36:20,480 --> 00:36:22,039 I'm not able to tell. 926 00:36:22,040 --> 00:36:23,040 Unfortunately. 927 00:36:24,160 --> 00:36:26,679 So that's only one more question. 928 00:36:26,680 --> 00:36:28,749 There is one on microphone six. 929 00:36:28,750 --> 00:36:29,830 Yeah. OK. 930 00:36:31,090 --> 00:36:33,609 I was wondering if TVs 931 00:36:33,610 --> 00:36:35,889 that also have a recording function. 932 00:36:35,890 --> 00:36:38,169 Do these HbbTV requests 933 00:36:38,170 --> 00:36:39,729 at the time that they record when no 934 00:36:39,730 --> 00:36:40,730 one's watching? 935 00:36:41,750 --> 00:36:43,399 Did you investigate that? 936 00:36:43,400 --> 00:36:45,949 I haven't. And what 937 00:36:45,950 --> 00:36:47,869 is the exact question that the recording 938 00:36:47,870 --> 00:36:50,149 function could be deactivated or 939 00:36:50,150 --> 00:36:52,279 no, no, if the recording function 940 00:36:52,280 --> 00:36:54,379 when it's active? So if the TV record 941 00:36:54,380 --> 00:36:56,569 something or does it, then also 942 00:36:56,570 --> 00:36:59,029 do the HbbTV requests 943 00:36:59,030 --> 00:37:01,519 having researched this, but 944 00:37:01,520 --> 00:37:03,579 would not expect that to happen, 945 00:37:03,580 --> 00:37:05,719 but can say maybe 946 00:37:05,720 --> 00:37:06,799 something to try out. 947 00:37:09,150 --> 00:37:10,150 Multiple. 948 00:37:15,500 --> 00:37:17,029 Who was it, was you? 949 00:37:17,030 --> 00:37:18,030 Yeah. 950 00:37:18,360 --> 00:37:19,590 There was a question up there 951 00:37:22,230 --> 00:37:23,230 on the right. 952 00:37:25,190 --> 00:37:26,849 Oh yeah. 953 00:37:26,850 --> 00:37:28,649 Come here, if you like the Roosevelt.
954 00:37:28,650 --> 00:37:28,859 All right. 955 00:37:28,860 --> 00:37:30,570 Well, question. Go ahead, please. 956 00:37:37,740 --> 00:37:40,049 You mentioned you mentioned in your talk 957 00:37:40,050 --> 00:37:42,449 that the legal situation, at least in 958 00:37:42,450 --> 00:37:44,819 countries like Germany, is actually 959 00:37:44,820 --> 00:37:47,399 such that it seems to be illegal 960 00:37:47,400 --> 00:37:49,559 to do that sort of data collection. 961 00:37:49,560 --> 00:37:52,409 And I'm wondering why 962 00:37:52,410 --> 00:37:54,839 public companies 963 00:37:54,840 --> 00:37:57,299 like ZDF, ARD and so on 964 00:37:57,300 --> 00:37:59,519 they should, you know, adhere to legal 965 00:37:59,520 --> 00:38:00,599 standards. 966 00:38:00,600 --> 00:38:02,849 That's. Anybody looking into the legal 967 00:38:02,850 --> 00:38:03,929 situation at the moment. 968 00:38:03,930 --> 00:38:05,040 Is this an issue for, 969 00:38:07,200 --> 00:38:09,569 you know, starts involved in Germany 970 00:38:09,570 --> 00:38:10,999 to look into that? 971 00:38:11,000 --> 00:38:13,109 Oh, is there any sort of statement 972 00:38:13,110 --> 00:38:14,939 coming from the public broadcasting 973 00:38:14,940 --> 00:38:17,069 companies to say, OK, we looked into 974 00:38:17,070 --> 00:38:19,019 this legal situation and because of 975 00:38:19,020 --> 00:38:21,059 this and that we think that we are 976 00:38:21,060 --> 00:38:23,369 courting, we are within the limits 977 00:38:23,370 --> 00:38:24,809 of German law. I mean, this is a very 978 00:38:24,810 --> 00:38:26,759 strange situation for me that you cite a 979 00:38:26,760 --> 00:38:28,949 law that evidently 980 00:38:28,950 --> 00:38:31,409 is violated and 981 00:38:31,410 --> 00:38:33,299 everybody seems to be doing it.
982 00:38:33,300 --> 00:38:34,289 And nothing happens 983 00:38:34,290 --> 00:38:36,359 as far as for ARD, ZDF, 984 00:38:36,360 --> 00:38:38,459 or especially if I found the 985 00:38:38,460 --> 00:38:41,189 option to disable tracking 986 00:38:41,190 --> 00:38:43,079 you, you could opt out from that. 987 00:38:43,080 --> 00:38:45,329 But private TV companies clearly 988 00:38:45,330 --> 00:38:47,609 have no intention of making 989 00:38:47,610 --> 00:38:50,039 that easy because it helps them selling 990 00:38:50,040 --> 00:38:51,419 ads. 991 00:38:51,420 --> 00:38:53,699 But this is just an assumption, but I 992 00:38:53,700 --> 00:38:55,199 think it's about time when somebody 993 00:38:55,200 --> 00:38:57,389 really is investigating 994 00:38:57,390 --> 00:38:59,459 there. Maybe somebody is having 995 00:38:59,460 --> 00:39:01,619 the idea of suing these companies, 996 00:39:01,620 --> 00:39:03,239 somebody with a lot of energy, though. 997 00:39:05,280 --> 00:39:06,280 Of all. 998 00:39:07,030 --> 00:39:08,030 Yeah. 999 00:39:08,940 --> 00:39:11,249 One is fear. 1000 00:39:11,250 --> 00:39:13,379 I mean, do you know of any reason 1001 00:39:13,380 --> 00:39:15,869 why no SSL is used in this protocol? 1002 00:39:15,870 --> 00:39:17,999 It seems strange to implement such 1003 00:39:18,000 --> 00:39:20,099 a protocol in 2011 and not 1004 00:39:20,100 --> 00:39:22,199 use any transport encryption. 1005 00:39:23,670 --> 00:39:25,919 Yeah, to the one hand, 1006 00:39:25,920 --> 00:39:28,289 I would say a lot of content 1007 00:39:28,290 --> 00:39:30,659 delivery networks are having 1008 00:39:30,660 --> 00:39:32,519 or it's getting more complicated when 1009 00:39:32,520 --> 00:39:33,809 using HTTPS. 1010 00:39:34,830 --> 00:39:36,569 That's just an assumption. 1011 00:39:36,570 --> 00:39:38,699 But to the other hand, almost no 1012 00:39:38,700 --> 00:39:40,599 television on the market is making a 1013 00:39:40,600 --> 00:39:42,989 difference.
I checked on the Samsung TV, 1014 00:39:42,990 --> 00:39:44,339 for example. It's not 1015 00:39:45,750 --> 00:39:47,429 complaining about self-signed 1016 00:39:47,430 --> 00:39:48,779 certificates. 1017 00:39:48,780 --> 00:39:51,509 So even though they would use it, 1018 00:39:51,510 --> 00:39:53,969 it's a question whether anyone 1019 00:39:53,970 --> 00:39:56,249 would find out if 1020 00:39:56,250 --> 00:39:57,689 the content is authentic. 1021 00:40:01,330 --> 00:40:02,330 And I'm not sure 1022 00:40:03,980 --> 00:40:06,529 my question was about the return 1023 00:40:06,530 --> 00:40:09,379 path technology. 1024 00:40:09,380 --> 00:40:11,809 I mean, obviously a 1025 00:40:11,810 --> 00:40:14,239 physical return path must be implemented 1026 00:40:14,240 --> 00:40:16,659 in order for the device to 1027 00:40:16,660 --> 00:40:18,560 to to send back any information. 1028 00:40:19,610 --> 00:40:21,769 So you need an internet connection. 1029 00:40:21,770 --> 00:40:24,619 How does it physically work and 1030 00:40:24,620 --> 00:40:26,689 what is what is the aim of of of the 1031 00:40:26,690 --> 00:40:28,459 people? How do they want to achieve that? 1032 00:40:28,460 --> 00:40:30,799 Maybe one day almost every television 1033 00:40:30,800 --> 00:40:32,869 is connected and has a return 1034 00:40:32,870 --> 00:40:35,029 path, even even for those households 1035 00:40:35,030 --> 00:40:36,409 who may not have an internet 1036 00:40:37,640 --> 00:40:39,739 in these cases, they just don't know if 1037 00:40:39,740 --> 00:40:42,019 there's no return path, no internet 1038 00:40:42,020 --> 00:40:43,039 connection there. 1039 00:40:43,040 --> 00:40:44,239 They just don't know. 1040 00:40:44,240 --> 00:40:46,429 I mean, to to which extent could HbbTV 1041 00:40:46,430 --> 00:40:47,929 work without a return?
1042 00:40:47,930 --> 00:40:50,389 Positive trends that seem to 1043 00:40:50,390 --> 00:40:52,339 generate some code that people can send 1044 00:40:52,340 --> 00:40:53,559 by as a means somewhere. 1045 00:40:54,980 --> 00:40:57,319 As far as I know, there's no 1046 00:40:57,320 --> 00:40:59,239 alternative to being connected and 1047 00:40:59,240 --> 00:41:01,519 accessing the content via HbbTV. 1048 00:41:01,520 --> 00:41:03,649 There is some fallback solution for the 1049 00:41:03,650 --> 00:41:05,719 red button display if it's 1050 00:41:05,720 --> 00:41:07,789 not possible to access the red button 1051 00:41:07,790 --> 00:41:08,959 off the internet. 1052 00:41:08,960 --> 00:41:10,849 There will be some objects embedded in 1053 00:41:10,850 --> 00:41:13,489 the carousel that then get displayed, 1054 00:41:13,490 --> 00:41:15,589 but once you press a red button, the 1055 00:41:15,590 --> 00:41:17,689 television tells you better get online 1056 00:41:17,690 --> 00:41:18,860 in order to see something. 1057 00:41:30,210 --> 00:41:32,339 Yeah. I mean, I also have 1058 00:41:32,340 --> 00:41:34,050 a privacy related question. 1059 00:41:35,130 --> 00:41:36,130 Well, maybe two. 1060 00:41:37,090 --> 00:41:39,239 First, did you check the Google 1061 00:41:39,240 --> 00:41:41,429 Analytics code, whether there was 1062 00:41:41,430 --> 00:41:42,510 the anonymized are 1063 00:41:43,680 --> 00:41:45,209 enabled or not? 1064 00:41:45,210 --> 00:41:46,529 I haven't checked that. 1065 00:41:46,530 --> 00:41:47,559 OK. 1066 00:41:47,560 --> 00:41:49,829 The OK second question 1067 00:41:49,830 --> 00:41:52,289 to it which channel were using 1068 00:41:52,290 --> 00:41:54,689 Google Analytics at TV 1069 00:41:54,690 --> 00:41:56,519 in Germany or A. 1070 00:41:56,520 --> 00:41:58,199 in France?
1071 00:41:58,200 --> 00:42:00,899 Because Google and Google 1072 00:42:00,900 --> 00:42:03,659 were artists also in Germany, 1073 00:42:03,660 --> 00:42:06,499 sponsored by every household nowadays? 1074 00:42:06,500 --> 00:42:07,799 Right? True. 1075 00:42:07,800 --> 00:42:09,449 They are kind of public. 1076 00:42:09,450 --> 00:42:10,319 Kind of public. 1077 00:42:10,320 --> 00:42:11,369 Yes. 1078 00:42:11,370 --> 00:42:13,589 Yeah. And they kind of have old servers 1079 00:42:13,590 --> 00:42:16,529 that would be kind of interested 1080 00:42:16,530 --> 00:42:17,530 to know 1081 00:42:19,140 --> 00:42:21,689 if the proxy lives are online. 1082 00:42:21,690 --> 00:42:24,189 Yeah. If a public company, 1083 00:42:24,190 --> 00:42:26,309 a public funded company using 1084 00:42:26,310 --> 00:42:29,309 Google Analytics with or without 1085 00:42:29,310 --> 00:42:30,989 the anonymized. 1086 00:42:30,990 --> 00:42:32,819 I haven't checked on the anonymize. 1087 00:42:32,820 --> 00:42:35,009 The proxy docs are online, but I 1088 00:42:35,010 --> 00:42:36,359 will check afterwards. 1089 00:42:36,360 --> 00:42:37,979 Maybe we talk about that a little more. 1090 00:42:37,980 --> 00:42:39,569 I don't know this feature, to be honest. 1091 00:42:39,570 --> 00:42:40,509 OK, thanks. 1092 00:42:40,510 --> 00:42:41,510 Let's have all. 1093 00:42:47,230 --> 00:42:49,719 Number three, um, I actually 1094 00:42:49,720 --> 00:42:52,269 know the answer to a question that was 1095 00:42:52,270 --> 00:42:54,579 asked earlier, if you 1096 00:42:54,580 --> 00:42:56,589 record something you have to watch the 1097 00:42:56,590 --> 00:42:59,919 channel in the same time so 1098 00:42:59,920 --> 00:43:02,559 that they record you 1099 00:43:02,560 --> 00:43:04,629 so they know which channels you 1100 00:43:04,630 --> 00:43:05,739 watch anyway. 1101 00:43:05,740 --> 00:43:07,599 So if you record something, they know 1102 00:43:07,600 --> 00:43:08,929 that you watched it.
1103 00:43:08,930 --> 00:43:11,559 So you mean if I watch a recording, 1104 00:43:11,560 --> 00:43:12,389 they would know. 1105 00:43:12,390 --> 00:43:14,529 No, no. But if you record something, they 1106 00:43:14,530 --> 00:43:16,629 know that you watched it because you have 1107 00:43:16,630 --> 00:43:18,999 to watch the channel to record it. 1108 00:43:19,000 --> 00:43:20,000 Mm-Hmm. 1109 00:43:20,680 --> 00:43:23,739 Yeah, the the HTTP 1110 00:43:23,740 --> 00:43:26,679 address comes along with the contents 1111 00:43:26,680 --> 00:43:28,959 and television requested 1112 00:43:28,960 --> 00:43:31,299 once it receives this information. 1113 00:43:31,300 --> 00:43:33,069 This is usually when you watch it. 1114 00:43:33,070 --> 00:43:35,199 So it's only then, and in the case 1115 00:43:35,200 --> 00:43:37,479 of proceedings at ends, they 1116 00:43:37,480 --> 00:43:39,939 also check periodically 1117 00:43:39,940 --> 00:43:41,080 if you are still watching. 1118 00:43:42,350 --> 00:43:44,569 But the question was, if they know if 1119 00:43:44,570 --> 00:43:46,909 you recorded it, I think, oh 1120 00:43:46,910 --> 00:43:49,279 yeah, oh, because you have to watch it. 1121 00:43:49,280 --> 00:43:51,379 I don't think so, but whether 1122 00:43:51,380 --> 00:43:53,659 it's recordable or not is encoded 1123 00:43:53,660 --> 00:43:55,669 in the DVB stream somewhere. 1124 00:43:55,670 --> 00:43:57,919 I'm not expert on that, but they I'm 1125 00:43:57,920 --> 00:44:00,269 not sure that the HbbTV 1126 00:44:00,270 --> 00:44:02,510 gives the means to him to know that. 1127 00:44:04,340 --> 00:44:06,409 Or yeah, 1128 00:44:06,410 --> 00:44:08,539 you can yeah, 1129 00:44:08,540 --> 00:44:10,789 you can use it for between not 1130 00:44:10,790 --> 00:44:12,949 only interviews, you can use it also, 1131 00:44:12,950 --> 00:44:15,559 for example, on DreamBox on 1132 00:44:15,560 --> 00:44:16,939 home theater PC.
1133 00:44:16,940 --> 00:44:19,399 Are there any differences 1134 00:44:19,400 --> 00:44:21,979 concerning the security issues? 1135 00:44:21,980 --> 00:44:24,229 I think not exactly the security 1136 00:44:24,230 --> 00:44:25,819 issues. These are the same, but the 1137 00:44:25,820 --> 00:44:27,859 privacy issues are different because 1138 00:44:27,860 --> 00:44:30,139 you deliberately start an application 1139 00:44:30,140 --> 00:44:32,869 in the case of like DreamBox 1140 00:44:32,870 --> 00:44:35,059 or other where you call a 1141 00:44:35,060 --> 00:44:37,489 URL, or you deliberately open the 1142 00:44:37,490 --> 00:44:39,799 ZDF Mediathek, and 1143 00:44:39,800 --> 00:44:42,379 that's a different endpoint of privacy. 1144 00:44:42,380 --> 00:44:44,689 But in point of content injection, 1145 00:44:44,690 --> 00:44:46,070 you might have the same issues. 1146 00:44:48,050 --> 00:44:50,359 Well, so far, you guys, 1147 00:44:50,360 --> 00:44:52,129 you should come here. 1148 00:44:52,130 --> 00:44:53,119 I have so many like, 1149 00:44:53,120 --> 00:44:55,009 you're running out of chocolate. 1150 00:44:55,010 --> 00:44:56,599 No, no, not yet. 1151 00:44:56,600 --> 00:44:58,669 No, we don't have any more time 1152 00:44:58,670 --> 00:44:59,679 for other. All right.