Cyber-security emerged as an important theme at ANGA COM 2019 with a rallying cry to network operators and content providers to audit their workflows and devices, train staff to spot attempts to infiltrate their IT systems, and continuously monitor against threats. Eric Rutkens, Managing Director of Cyber Security at Eurofins, which launched a cybersecurity division last autumn that will identify connected home, smart home and IoT device vulnerabilities, pointed to content-related ransom demands as a good example of the dangers the television industry faces.
The production workflow can be hacked, unfinished TV episodes can be stolen, and a ransom demanded from media owners with a threat that if a payment is not made, the content will be released to the world. HBO and Sony have both been the victims of hackers, the former being threatened with the release of internal data and unseen episodes of shows if they did not pay a ransom. Sony data was famously stolen – and linked by some to its release of the controversial movie ‘The Interview’.
Emphasising why cybersecurity is something TV executives need to focus on, Rutkens identified a number of trends that are increasing security risks. These include the growing number of collaborators in the post-production phase, combined with moving video workflows and content to the cloud. But it is the vulnerabilities of end-devices that Eurofins Cyber Security division is addressing.
Rutkens said it is accepted within the software development world that a good software coder will make ten mistakes per thousand lines of code. “A smart TV has 2 million lines of code, so that is a lot of mistakes.” These errors can become security vulnerabilities, he told a Cologne audience during this week’s ANGA COM conference session titled ‘Cyber Security & Safety: Prepare your Network and protect your Customer’.
“We recently tested security for a high-end smart TV and it contained over 30 vulnerabilities, five of which were critical or high risk. The television did not comply with GDPR requirements, either. When it comes to device security, the maturity of devices is still very low,” he claimed.
According to Eurofins Cyber Security, more platforms and devices, and more mobile consumption adds up to a bigger ‘surface of attack’ for hackers, while open source platforms – where many devices are using the same core technology stack – increase the potential damage.
The company has just announced a new Security Test Lab in Groningen, Netherlands (operated by Qbit, the digital security testing, compliance, advisory and training specialist that Rutkens founded, and which is now part of the Eurofins group) to test and examine the security of IoT devices for both service providers and manufacturers. The remit for the lab also covers classic TV consumption devices including STBs, connected TV clients, PCs, tablets and mobiles. The testing covers hardware and software and can include virtual testing of devices that are remotely connected to the lab.
Happily, smart TV manufacturers have been among the first to make use of the laboratory – said to be proactively investing in their security. Set-top boxes and connected medical devices are also in the list of most tested devices.