[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3148.195.49.188.226.1054767400.squirrel@www.nothotmail.org>
From: meme-boi at nothotmail.org (meme-boi)
Subject: TiVo , msn TV & Big Brother
<snip>
SAN JOSE, California (AP) -- TiVo, the leading maker of digital television
recorders, is offering advertisers and broadcasters information on the
commercials and shows its users are watching.
TiVo executives said this week they will gather viewing information only
in aggregate, such as by ZIP code, rather than individually. The habits of
individual users will remain anonymous.
http://www.cnn.com/2003/TECH/ptech/06/04/tivo.patterns.ap/index.html
</end snip>
I say shame on them! For one, after selling a product to a consumer the
device should be his and not be used to further fatten the pockets of
immoral pirates such at these.
So , after letting my anger die down a bit , I decided to go do a little
reading to see if I could poke a hole the preposterous claim that the all
mighty TiVo could protect its users sensitive data.
Let's take a look. After visiting the TiVo developer site , I learned a
few things , the most immediately useful being the fact that it sent IGMP
v2 Multicast Membership reports , which are pretty simple to sort out on
your average cable network segment.
I started with:
tcpdump -i eth0 -e -v | grep igmp > tv.txt
After about an hour I went through the file looking for something besides
the routers from my ISP and , while I didn't find any TiVo subscribers on
my wire , I did find several:
12:48:19.004264 0:30:c1:ad:91:97 1:0:5e:0:1:3c ip 60: *.*.*.*
TVE-ANNOUNCE.MCAST.NET: igmp v2report TVE-ANNOUNCE.MCAST.NET [ttl 1] (id
3884, len 28)
packets from a subscriber on my segment leaving for:
TVE-ANNOUNCE.MCAST.NET
google turns up:
tcp, udp tve-announce TVE Announce corp.webtv.net
which happens to be owned by msnTV
------------------------------------------------
Theoretical attack on packet video subscribers
that are targeted for ILLEGAL marketing studies
-----------------------------------------------
Step 1: Grep network segment for subscribers
using above method.
Step 2: Set up snort to watch all multicast
traffic coming from subscribers found
using step 1.
Step 3: Write a filter to watch all non multicast
traffic and determine the time intervals
non "membership report" packets are leaving
the devices.
Step 4: Set up a cron job based on a snort rule set to
poison the ARP cache of the subscriber , snag
a copy of the information and forward to prov-
ider like nothing has happened ( man in the middle).
Now , we might not be talking about state secrets, and this
may sound like another useless rant , but imagine if you will
TIA's initiative to force isp's to sniff data for them , and
a massive theft of supposed marketing data by a government
agency.
Also , I should mention that it isn't a flaw in the actual
multicast providers I am attacking , but TiVo's ridiculous
claim that they can "protect the information of individuals"
over networks they have NO CONTROL OVER.
sleep well
-meme boi
<snip>
A video-on-demand broadcast will typically connect thousands of users to
the same video source using multicasting techniques. Therefore, packet
networks must accommodate both many-to-many and one-to-many models.
http://www.atmforum.com/aboutatm/video.html#categories
</end snip>
Powered by blists - more mailing lists