Month: March 2016

The advent of cheap Android devices such as Amazon’s Fire Stick and dozens of set-top variants means that anyone can install legal software such as Kodi and then modify it to do less legal things.

With the correct know how, all the latest movies, TV shows and live sports are just a few clicks away, all streamed over the Internet, for free. This ease of use irritates rightsholders who seem powerless to do much about the flood of illicit broadcasts.

Also complicating the situation is that individuals looking to make a quick buck are selling piracy-configured devices on eBay, Amazon and other venues, meaning that anyone can get in on the close-to-free TV action by shelling out a few pounds, euros or dollars.

Today, however, the UK’s Police’s Intellectual Property Unit (PIPCU) has made a tiny dent in this illicit market after arresting several individuals said to be involved in the sale of ‘pirate’ boxes configured to stream content including movies and sport.

Following the execution of seven search warrants at as many locations in the north of England (Consett, Lanchester, Washington, Gateshead, Middlesbrough, Sunderland and Seamer), six people were arrested.

Police say that a 37 year-old man targeted in Sunderland was arrested on suspicion of distributing an unauthorized decoder, money laundering and making and/or supplying items for use in fraud.

The investigation, which was carried out with the assistance of Trading Standards and the Federation Against Copyright Theft (FACT), led to the seizure of 42 “illegally modified” set-top boxes configured to receive subscription-only TV.

“This operation is an excellent example of multi-agency working across force boundaries to tackle piracy and those intent on making money at the expense of honest subscription payers who deserve a fair deal,” says PIPCU’s Detective Chief Inspector Peter Ratcliffe.

“We routinely seek to identify and disrupt those intent on making quick cash from piracy and will use every enforcement opportunity to bring them to justice.”

While buyers of such devices might think they’re getting value for money, both PIPCU and the Federation Against Copyright Theft are keen to point out that they’re not risk free.

“Consumers need to be aware that these cheap pre-configured TV boxes are illegal,” says FACT Director General Kieron Sharp. “They are stealing copyrighted content and starving UK businesses from revenue, as well as putting consumers’ devices at risk of malware and ransomware.”

A pirate box holding itself to ransom is an interesting concept but not one that appears to be gaining any traction on sites specializing in such topics. Indeed, in many instances using one of these boxes is much safer than visiting streaming sites directly, since much of the malicious advertising is filtered out.

This week’s arrests follow at least two previous operations (1,2) targeting the sellers of ‘pirate’ boxes in the UK.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Source: TorrentFreak

And it wants to hear if you think you’ve been a victim. The post The FBI Warns That Car Hacking Is a Real Risk appeared first on WIRED.

Source: Wired.com Top Stories

Nearly three years after secure email firm Lavabit was ordered to help the FBI spy on a customer, that customer has been identified as NSA whistleblower Edward Snowden. The post A Government Error Just Revealed Snowden Was the Target in the Lavabit Case appeared first on WIRED.

Source: Wired.com Top Stories

Writer-director Jeff Nichols gave himself a very interesting challenge for his new sci-fi film. The post Jeff Nichols’ Big Midnight Special Challenge? Conquering Light appeared first on WIRED.

Source: Wired.com Top Stories

Watching Wikipedia edits unfold around breaking news offers a window onto the site’s idealistic effort protect facts from the country’s polarized politics. The post Is Judge Garland a Liberal? Wikipedia Editors Battle to Save Facts From Politics appeared first on WIRED.

Source: Wired.com Top Stories

Five new papers add new detail to the dwarf planet. The post Buckle Up, Space Fans: A New Batch of Pluto Science Is Here appeared first on WIRED.

Source: Wired.com Top Stories

Earlier this year, Warner Bros. and Intel daughter company Digital Content Protection (DCP) filed a lawsuit against LegendSky, accusing it of violating the DMCA’s anti-circumvention provisions.

LegendSky is the maker of HDFury devices which allow users to “strip” the latest HDCP encryption, according to the complaint.

This makes it much easier for pirates to circumvent the stronger HDCP content protection and release pirated copies of 4K films and series. Late last year several 4K leaks started to appear online, right after the HDFury devices went on sale.

However, the Chinese company fiercely rejects these piracy claims and has launched a counterattack in a New York federal court this week. LegendSky explains that their devices are not “stripping” any HDCP copy protection.

Instead, the HDFury devices merely convert newer versions of HDCP to older versions, such HDCP 1.4. These conversions are permitted by the DMCA as a fair use exception when they are used connect two separate computer programs.

In addition, DCP’s own license agreement specifically permits licensees to convert HDCP copy protection, the company informs the court.

In their counterclaim (pdf) LegendSky notes that several HDCP licensees including Netflix, Disney, NBC and CBS have bought their devices for legitimate purposes. “And yet Plaintiff alleges that HDFury Devices are nothing more than “strippers,” the company adds.

NBC and others use HDFury

LegendSky states that DCP’s lawsuit is an illegitimate attempt to keep its licensing monopoly intact, and the company is now countersuing the Warner and Intel daughter company for monopolization.

“Plaintiffs’ Complaint is a sham. They know, or should know, that Plaintiff DCP’s licensees, including Netflix, use HDFury Devices to convert newer to older versions of HDCP so as to enable interoperability between devices.”

“In reality, then, the Complaint is a bludgeon to use against Defendant so as to unlawfully expand the scope of Plaintiffs’ copyright monopolies, and protect Plaintiff DCP’s HDCP monopoly licensing rents in the relevant market..,” LegendSky adds.

In addition, DCP is also being sued for defamation after painting LegendSky and its customers as criminals.

“Plaintiffs have, either directly or indirectly, made knowing false statements of fact to third parties wherein they have painted Defendant as a criminal enterprise releasing the HDFury Devices with no other intent than to steal and pirate copyrighted materials,” they write.

“These imputations of intentional criminality have injured Defendant’s reputation and standing in this District,” the counterclaim adds.

The Chinese hardware manufacturer is asking the court to dismiss the original complaint and award damages and penalties against DCP, where appropriate.

Given LegendSky’s strong reply, this case could get very interesting. While there is no doubt that pirates can use HDFury devices to downgrade HDCP copy protection to a more easily crackable version, the devices also have plenty of legitimate uses.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Source: TorrentFreak

Ever since the launch of Apple’s app-enabled devices, users have sought ways to run software not sourced from the official App Store. It’s been a cat-and-mouse battle, with teams of security experts trying to break Apple’s security to enable a process known as ‘jailbreaking’.

A successfully jailbroken iPhone, for example, can not only run software from third party app stores such as Cydia, but can also run pirated iOS software. Needless to say, with this feature the popularity of jailbreaking has soared, prompting Apple to do everything it can to close security holes.

However, in 2013 something unexpected happened. A new technique known as the “FairPlay Man-In-The-Middle” (MITM) attack exploited flaws in Apple’s ‘Fairplay’ DRM system to allow both pirated and third-party software (unapproved by Apple) to run on iOS devices. Crucially, this could all take place without a jailbreak being deployed on the device.

Somewhat surprisingly people with the ability to carry out the third-party software exploit have been remarkably well behaved for the past three years but all good things come to an end. Rather than using the loophole for consumer-friendly activity, attackers are now using it for evil.

According to Palo Alto Networks researcher Claud Xiao, there now exists iOS malware that is able to deploy itself to non-jailbroken devices using the man-in-the-middle attack previously used by pirates.

Named “AceDeceiver” by the researcher, the malware targets the method of transferring App Store purchases from the iTunes software installed on users’ computers to their iOS devices.

“iOS devices will request an authorization code for each app installed to prove the app was actually purchased,” Xiao explains.

“In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge.”

But to do its dirty deeds AceDeceiver needs to find a way onto a user’s device in the first instance and that was achieved via Apple’s very own App Store.

Between July 2015 and February 2016 software claiming to be wallpaper apps successfully passed Apple’s vetting systems and were made available to Apple users. The way this was achieved was extremely cunning, with the App only going into malicious mode if it was run in a certain geographical area, in this case, China.

“The iOS apps of AceDeceiver mainly act as a third party app store if users access them from China. Note that some of the apps or games they provide in the store are also installed through a FairPlay MITM attack. In addition, these apps strongly suggest users input their Apple ID with password so that users could ‘directly install free apps from the App Store, execute in-app purchase, and login to Game Center’.”

That doesn’t sound like good news and indeed, the researchers found that claims that the software did not transfer login credentials were simply untrue.

“In fact, we discovered all versions of AceDeceiver will upload the Apple ID and password to [the attackers’ server],” Xiao adds.

All three apps were removed by Apple after the researchers reported them in February 2016 but their threat remains.

“The attack is still viable because the FairPlay MITM attack only requires these apps to have been available in the App Store once. As long as an attacker could get a copy of authorization from Apple, the attack doesn’t require current App Store availability to spread those apps,” Xiao explains.

“While the attack requires a user’s PC to be infected by malware first, after that, the infection of iOS devices is completed in the background without the user’s awareness. The only indication is that the new malicious app does appear as an icon in the user’s home screen, so the user may notice a new app he or she won’t recall downloading.”

The full disclosure from Claud Xiao can be found here, along with removal instructions for those concerned they may be infected by the malware.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Source: TorrentFreak

Today Nike unveiled the HyperAdapt 1.0, its first pair of self-lacing shoes. The post Nike’s Back to the Future Self-Lacing Shoe, the HyperAdapt 1.0, Is Finally Here appeared first on WIRED.

Source: Wired.com Top Stories

This week the WIRED culture podcast is full of mysteries. The post Culture Podcast: We’ve Been to 10 Cloverfield Lane appeared first on WIRED.

Source: Wired.com Top Stories