Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
If U View A Public Url Mobitv Considers U A Hacker
#1
Basically this is what happening. It turns out Mobitv stores links to their feeds in a plain text file that anyone with internet access can view. Apparently viewing this text file is considered 'hacking'. These feeds do not appear to be protected in an anyway and it appears anyone with a compatible phone can view them.

I'm sure Mobitv's content providers would be very interested to know that mobitv is broadcasting their intellecual property while taking such measures to protect it.

It's like they're a movie theater with see through walls. If you walk by you can see what's going on but they don't want you to.

Anyways Mobitv is asking us to remove the link to this text file. If we do not they are threatening to contact ICANN and HowardForum's host to get the site pulled down.

http://www.howardforums.com/announcement.php?f=49
My other ride is your Mom
Reply
#2
Someone had to stumble the exact file, which isn't publicized... which is their point. They're posting "back door" access to content that they might not deserve access to.

I can see exactly what they're getting at. Howard should nuke the thread and be done with it.
Daily driver 1: 2007 Jeep Wrangler Unlimited Sport "S"

33" BFG Mud-Terrain KM2s, lots of Rough Country gear - bumper, 2.5" lift, swaybar disconnects, Superwinch 10,000lb winch, Detroit Locker in rear D44 axle, custom exhaust, K+N filtercharger, Superchips-tuned.

Daily driver 2: 2006 Subaru Legacy GT

COBB Stage 1+ package - AccessPort tuner, COBB intake and airbox. Stage 2 coming shortly - COBB 3" AT stainless DP and race cat, custom 3" Magnaflow-based exhaust and Stage 2 COBB tune.
Reply
#3
a reply from one of the DIGG threads..

WiWavelength Wrote:I composed the following e-mail to Josh Andrews & Ellen McDonald, internal legal counsel to MobiTV. I encourage you to do likewise. Feel free to copy & paste. I do not quibble over my copyright.

jandrews@mobitv.com
emcdonald@mobitv.com

--

To whom it may concern:

I openly requested the sprintTVlive.mcd document from a server attached to your Internet domain, MobiTV.com. I did so via a standard, ubiquitous Internet protocol, Hypertext Transfer Protocol (HTTP). The server, as an agent of MobiTV, readily complied with my open request. As such, MobiTV is legally complaisant to my possession of this document.

The sprintTVlive.mcd document contains explicit instructions for accessing MobiTV content. I followed said instructions. For example, I openly requested the live.mobitv.com:554/4103-CDMA.sdp audio visual content from a server attached to your Internet domain, MobiTV.com. I did so via a standard, ubiquitous Internet protocol, Real Time Streaming Protocol (RTSP). The server, as an agent of MobiTV, readily complied with my open request. As such, MobiTV is legally complaisant to my viewing of this content.

Court precedent has held that a Uniform Resource Locator (URL) (i.e. Internet address) is not subject to copyright protection, only the content linked to the URL may receive such protection. Thus, MobiTV has no grounds for protesting dissemination of affected URLs, all of which are openly, publicly accessible. And, if the aforementioned document or content is copyrighted material not intended for my free, personal use, then MobiTV, as the copyright holder or an agent of said holder, has a legal responsibility to secure and protect that copyright, should not have readily granted my open request for access to said copyrighted material. That grant implicitly bestowed upon me a license for my free, personal use of said material.

Technical incompetence is no excuse for misplaced legal threats.

(For good measure, I tacked on the full text of the sprintTVlive.mcd document. But that is at your discretion.)
Contribute to focuscanada.net's future!

Donations of $20 and over get a custom title!







Reply
#4
NOS2Go4Me,Mar 7 2008, 08:59 AM Wrote:Someone had to stumble the exact file, which isn't publicized... which is their point. They're posting "back door" access to content that they might not deserve access to.

I can see exactly what they're getting at. Howard should nuke the thread and be done with it.
[right][snapback]259482[/snapback][/right]

actually, in most cases, the file can be discovered strictly by accident.

It's like embedded windows media files.... you try to open a link, your browser, doesn't recognize it because the plugin isn't installed correctly, and shows the imbedded object parameters. One of them points to a playlist. So you point your browser to the playlist, and voila... you get a list of media servers and links to the media.

Looks like mobiTV uses the same sort of embedded object and playlist, which, with any bit of browsing around, one could easily stumble upon it.

Anytime you make a portion of your app open to the outside world, that's the risk you take. You can take action against anyone using the data for illegal use (like take action against someone who's downloaded credit records for identity theft), but you can't just take action against someone who stumbled on free-to-air TV.

It's really mobitTV's the one at fault and they're trying to limit their legal exposure to their clients. In reality, they can't do much other than make threats at this point as they're the ones that should be sued for breaking their contract (assuming that the contract had define the security requirements for the copyrighted content)
Contribute to focuscanada.net's future!

Donations of $20 and over get a custom title!







Reply
#5
^^ What isn't mentioned there is HOW they found out what file to use. How did they do it? If you're doing blind subdirectory listing attacks on a webserver, attempting to access info that the server doesn't give up by default when you access a hosted domain name (ie. http://www.mobitv.com), that's probing. They call it hacking, which it isn't... it's more of a "soft" brute force attempt to poll a server for resources that shouldn't be visible. On that note, there's no mention if a known IIS / Apache vulnerability was used to gain access to said file.

There's no way they just "entered a URL" without knowing the exact destination. That's an awful lot of 404s to entertain for the sake of one content file. Either they "hacked" their phone's feed and found the source file or they probed the content server until they found the source file. Either way, it's a grey area at absolute best.

Sure, if a misconfigured media player plugin gave up the URL, that's fine... but by accessing content that they shouldn't be able to (accessing wireless networks, anyone?), they aren't exonerated from legal obligations.

Yes, they should have posted how they found the URL - which they won't, because they'll just keep doing so a little more privately in the future.

Steve - LOL @ the Apache config page. But that also proves my point. By going there, you can't do blind directory listings. So, they had to know where to go. Chicken and the egg and all that.
Daily driver 1: 2007 Jeep Wrangler Unlimited Sport "S"

33" BFG Mud-Terrain KM2s, lots of Rough Country gear - bumper, 2.5" lift, swaybar disconnects, Superwinch 10,000lb winch, Detroit Locker in rear D44 axle, custom exhaust, K+N filtercharger, Superchips-tuned.

Daily driver 2: 2006 Subaru Legacy GT

COBB Stage 1+ package - AccessPort tuner, COBB intake and airbox. Stage 2 coming shortly - COBB 3" AT stainless DP and race cat, custom 3" Magnaflow-based exhaust and Stage 2 COBB tune.
Reply
#6
Brute force attacks can be considered hacking... what I'm saying is that anybody curious enough, could have found the URL in their phone, or another app that wasn't configured properly for sprint tv, which could have exposed the URL.

I think if someone posted how they found the URL, HoFo would have a stronger leg to stand on.

However, I think it's a bit of a moot point. A quick google search turns up a few hundred websites with the link.

btw.. .go to qtv.mobitv.com and tell me that looks like a properly configured web server...
Contribute to focuscanada.net's future!

Donations of $20 and over get a custom title!







Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)