Lightspeed IPTV versus MovieBeam

Saw this posting on Slashdot today.  Apparently Disney, Cisco and Intel have teamed up to offer a service called MovieBeam.  The service has you install a $200 box which receives movie content (not in real time) via the PBS broadcasting signals.  You can then have the box stream movies to your television for a fee.  Every week the “magic” broadcast signal replaces a couple of the movies on your machine and every month the box calls home via a telephone line and informs the service how much you owe.  The device should have about 40 movies at any given time that can be started, stopped, rewound, etc.

The New York Times has an article as well.

From a security standpoint how does this compare to the Lightspeed (U-Verse) IPTV Video On Demand (VOD) service?

The major technological/architectural points I see are:

  • If you are worried about NSA keeping track of what movies you watch you are pretty much out of luck either way.  Both services have you tell the central office what movies you have watched for billing purposes.  What happens to that information once they get it is out of your control.  With MovieBeam you theoretically get a bit of a lag time because the box should only call home once per month, but either way the central office gets your usage info.
  • MovieBeam recieves all the movies in the current playlist whereas Lightspeed VOD receives only the movies you watch.  This means that if a consumer wanted to steal movies from the service they might have better luck with MovieBeam because the device presumably has all of the movies available on the local box which is in the physical possession of the consumer.  I would assume the content is encrypted under some DRM scheme, but if I have the data at rest where I can mess with it that gives me a better shot at figuring out how to decrypt it.
  • The MovieBeam service sends its movies out over public broadcast signals in non-real-time whereas Lightspeed VOD recieves them over fiber and IP in near-real-time.  Again this theoretically makes it easier to steal MovieBeam content because everyone who gets PBS can intercept the signal (assuming they can find it).  With Lightspeed if you wanted to intercept other people’s movies you would need to pull it off the fiber or VDSL lines or tap a specific household’s Ethernet network.
  • The Lightspeed IPTV has an actual IP address whereas the MovieBeam does not require a computer or broadband or anything else.  For consumers concerned about security this may make the MovieBeam service attractive.  I’m sure that the MovieBeam device has a way to update its software, etc that may be open to manipulation by malicious attackers.  However, if my MovieBeam device decides to go on the fritz all I have to do is disconnect it from my TV.  This is in opposition to an IPTV device that shares my broadband connection as well as my local Ethernet network.  If the IPTV device is subverted then all of the machines on my local network are at risk of viruses, worms, spyware, etc.

It is exciting to see so many new services working to provide movies and other content to consumers in innovative ways.  We will have to see how the marketplace treats the various contenders…

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *