Download Living Room Connected Devices PDF

TitleLiving Room Connected Devices
File Size8.3 MB
Total Pages90
Document Text Contents
Page 1


Neil Robinson, Jon Freeman, Jan Gaspers, Veronika Horvath,

Tess Hellgren, Alex Hull

Living Room
Connected Devices
Opportunities, security challenges and privacy
implications for users and industry

Page 45

Living Room Connected Devices


lower level of transparency and reduced user control over the security of LRCDs. While users performing
risky interactions despite warnings is among the most salient concerns for traditional computer security,
these concerns are somewhat less relevant for LRCDs, although users’ willingness to engage with security
setting on devices that often have a limited interface, as described in Chapter 2, can present limitations.
Rather, as concluded by academic researchers Krol et al. (2012), their lower level of security often appears
to be determined by the availability of appropriate tools for protection.

Furthermore, several LRCDs, such as Internet radios, lack an appropriate easy-to-use interface that would
enable users to access and manage such built-in security settings. Consequently, the set of tools available
to the user of a LRCD often depends mostly on the properties of the device purchased and its default
settings, with little scope for the user to use upgraded security from a third party. In addition, even for
devices for which protection mechanisms exist, several academic studies (e.g. Al Falayleh 2013; Herfurt
2013; Kuipers et al. 2014) indicate that their reliability may be limited.

Users have at their disposal a more restricted range of user-managed security tools, such as antivirus,
antimalware software or removal tools, on LRCDs. While applications running on these devices, such as
browsers, might have their own security plug-ins, most connected devices rely on other factors for
security, such as replacing devices, automatic security patches and network-level security tools.

Encryption capabilities are under-utilised

Devices use encryption to maintain the confidentiality of the data being transmitted. Academics Iyer et al.
(2012) stress that encryption used together with authentication and identity management can be a
powerful tool in preventing large-scale security breaches, especially when these elements are designed in a
way to support each other. An example of harm cited by Iyer et al. (2012) and SafeNet technology
commentator Ocampo (2011) that could have been potentially prevented by encryption is offered by the
Sony Playstation breach in 2011, which has been imputed to a lack of links between authentication and
encryption. However, despite their widespread availability (for instance in LG connected systems, see LG
2014), an interviewee from a security company suggested that built-in or optional encryption capabilities
are often not activated by manufacturers or users (Symantec 2013a).

DRM technologies developed for PCs might not be suitable for LRCDs

DRM tools are important to protect content and assure digital rights. At present, there are seemingly few
fundamental differences between the tools utilised for DRM on PCs and on those devices found in the
ICLR. However, the adequacy of such measures to protect content consumed in a connected living room
setting might be inferior. One area where DRM technologies and solutions are challenged by the
development of LRCDs is the maintenance of digital rights protection across a complex value chain that is
emerging in the market for these devices and services (see Chapter 1 of this report). The wide range of
players involved in the market, which includes app developers, platform providers and ISP companies as
well as hardware manufacturers, means that there are even more channels through which DRM has to be
considered. For example, upon a compromise of cryptographic protocols used to protect content, the
means to revoke the compromised code or update the available tools to close the vulnerability could
involve several of the above-mentioned actors at the same time, resulting in a potentially higher level of
diversity than in a PC-orientated domain.

Page 46

RAND Europe


Table 3.1 summarises the most commonly used DRM methods:

Table 3.1. DRM instruments

Instrument Relevance for LRCD

Encryption Non-legal copies of software or content (e.g. DVDs,
games) cannot be played on the device.

Limited number of plays/installations It could be difficult for users to transfer games
between their devices or re-install their systems
following a security update if these actions go beyond
the permitted number of installations.

Blocking URLs associated with P2P sharing or
streaming of illegal content

Addresses can be blocked at the ISP level, e.g.
filtering obligations of ISPs in the UK. However, the
blocking of these sites is not without some

Denying content compatibility on devices with
weak DRM mechanisms

LRCDs using this system may be at a competitive
disadvantage compared to devices with DRM
mechanisms judged to be more reliable by content

Audio watermarking technologies Embedded features in LRCDs, such as Cinavia, can
detect if content is pirated by searching for inaudible
sound codes produced by legitimate vendors, and
then cancel the playback of content that lacks the
watermark. This also may hinder the playback of
legitimately copied or converted files.

‘Always on’ DRM This mechanism relies on constantly authenticating
the product via a constant online connection, meaning
that products (e.g. games such as Sim City) can only
be used when the device is connected to a server.
However, this protection method is vulnerable to
accidental losses of connectivity which can diminish
the user experience, as well as denial of service
attacks. According to the Xbox Wired official blog,
negative user feedback on this type of DRM was one
of the reasons why Microsoft revised its original plans
to deploy always-on DRM on the Xbox One (Mattrick

Finally, noting the recent LG data collection case (Guardian 2013a), device manufacturers have the
capability to include software that reads files stored on hard drives connected to the device. These could
enable monitoring of digital-right-infringing content consumed through LRCDs, such as in the case
exposed by a blogger in connection with LG smart TVs, but is also understandably seen as a privacy
concern (DoctorBeet’s Blog 2013).

Page 89


Appendix B – Descriptions of LRCDs and services

A brief summary of the LRCDs and the services they can offer is provided below.

Examples of devices

Smart TV: A TV that integrates some of the features of a computer with those of a TV. Smart TVs
usually offer interactive functions and can download apps (Kovach 2010). The connection to the Internet
is either direct through a cable in the back of the TV or through a connected box. It is also possible for
smart TVs to communicate with other devices such as computers, smartphones and tablets (Hommerberg
2012; Nilsson Helander 2013).

Internet-enabled TV: The term ‘Internet-enabled TV’ covers any television set connected to the Internet
via a third-party device, such as a set-top box, a games console or a laptop/PC. The set-top box might be
provided with services such as Sky On Demand, Virgin TiVo, BT Vision or Talk Talk. Games consoles
used include Microsoft’s Xbox Live, Sony’s Playstation 3 and the Nintendo Wii. Laptops/PCs are
connected through a cable run from an output port to an input port on a compatible TV (Ofcom 2013).

Set-top box: Set-top boxes mean that users can enjoy connected TV even without owning a smart TV. A
set-top box is a device that allows a TV user to interface with the Internet and to receive digital television
broadcasts (TechTarget 2005).

Games console: A games console plugs into a TV to allow users to play video games, and increasingly
also offers greater connectivity and ability to share content between devices. Games consoles are designed
primarily for purchasable games content to be played on them, either in offline ‘single-player’ mode, or
online through a dedicated network with other players. Increasingly, games consoles are the primary
device for users to consume other types of media besides games, such as on-demand television, Internet
browsing and music. The newest devices include Sony’s PlayStation 4, Microsoft’s Xbox One, and
Nintendo’s 3DS and Wii U.

WiFi: WiFi, otherwise known as a wireless network, is a means of Internet connectivity that dispenses
with the need for direct, cabled access to a router; WiFi allows wireless communication with the Internet
and other devices. Higher-performance WiFi devices will also start to become available: ‘While the vast
majority of network connections in the living room today are 802.11n, this will shift in coming years as
smart TVs, Blu-ray players and net-tops adopt 802.11ac dual-band connections’ (NextMarket Insights

Page 90

RAND Europe


Second-screen devices: The user interface for a smart TV can be through a so-called second-screen device
such as a smart phone or tablet computer; having been designed with inherent usability, and because it
has a screen separate from the main display and much closer to the user, often with touch-screen
capability, a second screen can rapidly be used to get more out of a smart TV.

Examples of the services and tools that can be enjoyed through LRCDs

Applications: Applications, commonly referred to as ‘apps’, are pieces of software that can be installed on
a device that give additional functionality or features. Because different smart TVs use different platforms,
not all apps work on all TVs; smart TVs often come with a set of apps installed and, depending on the
model, users may be able to download further apps (Nilsson Helander 2013).

Internet Protocol Television (IPTV): IPTV refers to the IP networks that deliver services to smart TVs
such as Live TV, on demand programming, and Interactive TV (ATIS 2005). IPTV services are usually
delivered over a managed network such as Sky or BT Vision (BBC 2008).

Video on Demand (VoD): VoD is a service that allows users to stream or download video content over a
network at a time of their choosing. In contrast to IPTV, VoD does not need to be delivered over Internet

Protocol, but can be delivered to a set-top box from the broadcaster (BBC 2008).

Catch-up TV: Catch-up TV is a form of VoD that allows users to replay traditionally broadcast
programmes up to a certain period after their on-air broadcast. BBC iPlayer and ITV’s 4oD are platforms
upon which catch-up TV is regularly watched.

Pay-per-view (PPV): PPV are telecasts that are delivered for a fee to the consumer at a specific time only.
They are most commonly used for live events such as sporting or musical performances and are available
through cable and terrestrial or digital satellites.

Internet Radio: While ‘Internet radio’ can refer to streaming music services such as Pandora or Spotify,
which can be played on a variety of Internet connected devices, Internet radio in the context of this report
refers to stand-alone hardware devices that are designed to receive Internet radio stations.

Similer Documents