Dish has a major problem

Status
Please reply by conversation.
I agree a change is needed at Dish. My idea for a Internet / Satellite solution really isnt that far off, SBC is close to launching the base for it with their Home Zone box. With a little more tweeking it could be made able to handle the extra security.
 
Am I correct in thinking that Star Choice and Directv are not hacked? All you ever hear about is Dish Network. If so Dish needs to do whatever they are doing.
 
What happened to the built in smartcards? Shouldn't that prevent it some since you can't use a hacked card?
 
Requiring a phone line connection would only address units that were registered through dishnetwork. Also it wouldn't allow some customers that are mobile or have cellulars to be able to operate their receivers. Furthermore it would not stop someone from buying a new/used receiver and performing self activation because phone number traces or investigation could be too difficult (involves authorities, violates privacy, etc).

They should add a internal cellular phone link feature in future models that call home with receiver info, smart card status and even GPS location.
This way even if a receiver is unregistered it's still be alerting its existence so dish can disable it remotely if necessary. A good time to include this feature would be during the mpeg4 transition then by the time all channels are converted the older receivers would be obsolete.

This technique isn't a perfect solution because there will be some that reside too far from a cellular repeater and therefore never will be contributing feedback but those would be minor cases. Also it doesn't address today's needs but merely improves security sometime in the future. Another obstacle is that some type of cellular phone service might be incurred. So what effect would that have on the customers? Maybe the fee (if any) could be waived if the customer uses a land line connection which overrides the cellular alternative.
 
Hey scott good morining... glad to see you reopened this thread.. I know that we all agree changes need to be made. all i can say is im shocked and awwed.. I just cant belive how wide open dish has left themselfs with this one..
 
Dial in/network connect etc. really won't do much. Probably a lot easier to get around those than the card itself. They need to switch to a different encryption system, maybe Digicipher. The problem they had when deciding on how to upgrade was keeping all the installed receivers working. This left them with little choice for the upgrade. The upgrade could only be so different and still work with old hardware.

Move to mpeg4 with a new encryption system.
 
DirecTv and Starchoice are a perfect example of "security through obscurity". The main reason they are secure is the fact that the hardware in their receivers is unique to North America, and in the case of DirecTv, it is unique to them only. Nothing else in the world can receive and bring the digital stream coming from their sats to the PC of the worldwide hacker community. On top of that DirecTv developed their own new security system, which combined with the fact that you are required to have a "DirecTv only" receiver to watch, has been the reason why their platform has been secure for quite some time.
On the other hand Dish uses the universal DVB standard, and there are hundreds of millions receivers and PC cards worldwide that can receive their signal. Their security system - Nagravision - is in use in Europe too, and rumours say that this is where the current Nagra2 hack has come from.
Starchoice don't use such unique hardware and protection (4DTV, VOOM are the same), but they are too small and never used smart cards, that's why they have never been of particular interest to the hackers.
I guess there's not much that Dish can do to change their hardware platform - if they do, they will have to replace every single existing receiver with something much more expensive. The most effective short term way to fight piracy will be to make it too difficult and troublesome for the "free tv"-ers to continue to support the black market industry, and they say that the new Nagra2 platform gives lots of opportunities in that respect. I don't think they have lost the game - they may have not have a totally secure platform, but they have all the tools to make it secure enough so that it doesn't threaten their bottom line and the cable and satellite industry.
 
I don't know if Digicypher works with the DVB standard or not. VOOM was running both Digicypher and NDS, so I guess anything is possible.

it should be noted a form of Digicyper is being used for Digital cable, and it has not been cracked. Maybe dish should look into it.
 
1. Don't use the same encryption system that most of the european providers are using. The system (N2) was initially compromised in Spain, and was quickly ported over to dish's system.

2. All of your ideas for securing the receiver (connect it to ethernet, etc) will LESSEN the amount of people doing it, but the fact is people aren't using echostar receivers to watch their pirate tv... By using a standard (DVB) satellite system, they inadvertantly open themselves to equipment outside their control.

3. Moving to mpeg4 might work, but how long will that take? How much money? I bet by the time they transition to mpeg4 there will be other means of watching mpeg4 satellite feeds.

4. This might all go away soon. We have not seen echostar's response (countermeasures) to this breach yet. However, the fact that their "bulletproof" new system was hacked in the first place, makes this a very interesting situation to watch.

5. Starchoice hasn't been hacked because they use a different system and frankly, with options like dtv and dish, their programming stinks. Can you blame a hacker for going after the big pot of gold instead of the penny jar?

6. Directv's system so far has been more secure in my opinion, because there are less people working on cracking it. They use their own in house encryption. Dish bought thiers from Nagravision who also secures systems in europe. Now you have Canucks, US, and Europeans all working to crack a similar system. (big mistake, as pointed out in #1)


Remember #4.. Dish hasn't struck back yet, so we'll see. I feel like they were forced to "do something" about the encryption by their content providers. (MPAA, broadcasters). I think they should have stuck with the old cards, and all the money used for the swap could have been used to develop new types of countermeasures. Oh well, I dont run a billion dollar satellite company, so my opinion doesn't count :)

Oh yea, on edit.. Ebay prices on certain receivers are going to be going up, so if you got something sitting in the basement, nows the time to sell it :D
 
This may be a stupid question, but what about integrating something like the garage door openers that re-set a different code for the next use? Whenever the receiver dials in, or connects, or whenever the datastream tells it, the receiver has to switch to a randomly generated code that... I don't know... I'm not an expert. :)
 
I have some questions.

The smartcard contains the channels that the receiver authorizes, correct? And the problem is that hackers have found a way to read and update the smartcard?

What does a receiver report when hooked to a phone line?
 
Hackers,major problem? I think not. Theft is always a part of retail business. Is Wal Mart going out of business because of shoplifters? NO! Not all people are thieves. Some are but, the people who hack DBS are the same ones who would not think twice about putting something in their pocket at Wal Mart and walking out the door without paying. Theft of goods and services is a unavoidable part of doing business. The losses are paid for by the legitimate law biding customers.
 
As was mentioned before, Dish should change to a different encryption. Either come up with their own or use an existing type. Now is thier chance to do that with the onset of mpeg4. When they change over to mpeg4, everyone is going to need a new receiver. What better time to do it! PowerVu would be my choice as it is one of the most secured. Just my 2 cents.
 
jergenf said:
I have some questions.

The smartcard contains the channels that the receiver authorizes, correct? And the problem is that hackers have found a way to read and update the smartcard?

What does a receiver report when hooked to a phone line?


Dish Network receivers only reports PPV purchases when it phones home. I think. It might also report the receiver info, and what phone number it dialed from.

The receivers some pirates are currently using aren't made by dish so they dont phone home at all. They don't even have a smart card. However, other pirates have modified the card to add packages they dont pay for. Dish is getting hit from all fronts right now! Maybe they should go hire some of these hacker guys, some seem to know their system better than dish does!
 
Well first, I have heard that digi cable was compromised, but enough of that, the problem with a ethernet/phone connection is if the hackers cant compromise the smartcard, they will go after the ethernet/phone, its only data packets. There is no foolproof way to do it.

I remember wayy back when (in the days of analog cable) the cable co ran an ad during a tyson fight 'free tshirt call us'. They matched the phone #'s w/ subscribers, and whoever didnt match, they arrested and got em.

Now I know its not practical for E* to give away millions of t-shirts, or to go change there smartcards right now, the best way I can see is for them to be heavily agressive on anti-piracy, find the leaks, and plug them up! Personally I do think TV should be alot cheaper (especially cable!), but stealing is not the answer!

Maybe for an idea, to help out, is when E* sends down the authorization signal, that will be the ONLY way that the system will allow it (over the satellite, not by some magic bypass) then at the same time, it would dial back to E*, so it could be turned on via phone/ethernet, and some random code that the receiver sent to E, would be sent via the satellite back to the receiver, to authorize it. Sounds like a pain, but I dont think that hackers have access to the satellite uplink controls!
 
Dish needs to finish the conversion right away to N2. This will kill all the old pirates off. N2 was developed before the newer hacking techniques were found. They need to analyse the techniques being used and design a specific way to counteract them. Then roll a new N3 system ASAP. Make it so that keeping up with Dish pirating is hard for the average user. Remember the hackers now make the money by selling the equipment to pirate with to the average user. If Joe Shmo has to keep paying big bucks to get his pirate equipment, he might change his mind about pirating.
 
*** MESSAGE REMOVED ****

Please keep the topic of ideas what can be done to stop hackers, not ways to hack Dish Network. ;)

THANK YOU!
 
beeb said:
DirecTv and Starchoice are a perfect example of "security through obscurity". The main reason they are secure is the fact that the hardware in their receivers is unique to North America, and in the case of DirecTv, it is unique to them only. Nothing else in the world can receive and bring the digital stream coming from their sats to the PC of the worldwide hacker community.

There are some newer PCI cards that work with the DirectTV signal.

The system used by Starchoice isn't too obscure. It's used by many networks to get their signal to headends in North and South America and is also used by Comcast to broadcast their HITS lineup.
 
HokieEngineer said:
The receivers some pirates are currently using aren't made by dish so they dont phone home at all. They don't even have a smart card. However, other pirates have modified the card to add packages they dont pay for. Dish is getting hit from all fronts right now! Maybe they should go hire some of these hacker guys, some seem to know their system better than dish does!
Thank for clearing that up.

For the pirate technique that modifies the smartcard to enable additional programming, couldn't dishnetwork just reset the current channel list for each client every now and then (or are they already doing that)? If clients have to keep making weekly trips to their neighborhood hacker it could become too troublesome and expensive to keep using that method.

Some are suggesting a new encryption as a solution, but if they change that all of a sudden wouldn't that affect all existing receivers?
 
Once again I would like to ask the the discussion be things Dish can do to fix their problem and NOT how people hack the signal.

Thanks for your understanding. :D
 
Status
Please reply by conversation.