Android-based set-top devices have saturated the market in recent years, and it’s not uncommon for households to have several; downstairs, upstairs, and probably at least one in a drawer.
These devices, including the ubiquitous Amazon Firestick, are mostly content agnostic and equally capable of streaming video from legal sources such as Netflix or BBC iPlayer, or from unlicensed IPTV platforms.
The problem for rightsholders and governments hoping to curtail consumption of pirated content, is that the devices themselves are overwhelmingly legal. It’s the presence of piracy software installed on devices and the nature of the content consumed that tips the scale one way or the other. As a result, no realistic blanket banning solution exists, although Brazil has come up with a partial solution.
Devices Illegal By Default
The set-top device situation in Brazil is relatively straightforward. Unless telecoms regulator Anatel (Agência Nacional de Telecomunicações) authorizes a device type for importation, distribution, and sale, that device cannot be used legally in Brazil.
Anatel says its conformity assessment ensures that consumers only have access to products (typically electronic devices such as cell phones, tablets, set-top boxes, routers, etc) that have been tested for quality and safety.
Set-top boxes without a Technical Conformity Certificate are illegal regardless of the content consumed. That eliminates a lot of red tape when Anatel decides to seize well over a million devices to curtail piracy, because all seizures are carried out on straightforward health and safety grounds.
For devices that enter the local market without certification, Anatel regularly reports various actions to remove them. In 2023, Anatel revealed its new anti-piracy lab, where intelligence meets site-blocking measures to disrupt supply and consumption of pirated content.
Most famously, the regulator said it had blocked 80% of all pirate set-top boxes in Brazil during October 2023. To this background of ongoing success, Anatel is now promoting a competition where hackers can test their skills to determine who has the best non-certified pirate set-top box blocking skills in Brazil.
Anatel Teams Up With Hackathon Brasil
If any cynics out there think that the real point of the hackathon is to shore up IPTV blocking measures in Brazil with fresh ideas and techniques, Anatel isn’t even trying to hide it.
“The National Telecommunications Agency (Anatel) and the Hackathon Brasil Community will hold the first TV Box Hackathon focused on developing innovative solutions for blocking irregular [non-certified] TV Boxes,” an announcement on the government’s website reads.
“The developer marathon will take place on September 28 and 29 and represents an important project for the industry, regulated sector and academia, highlighting Anatel’s role in the state of the art of technological innovation.”
A dedicated information page on Hackathon Brazil begins by outlining the prevalence of IoT devices and growing concerns over security.
Noting that devices without certification “pose risks to consumers and to Brazil’s telecommunications infrastructure,” more specific concerns include operating system vulnerabilities, malware, spyware (hidden screenshot capture and screenshare actions), plus the ability to execute code on other devices within a LAN.
The Mission, Should You Choose to Accept It
Whether those who choose to sign up will receive more detailed instruction is unclear, but the main goal isn’t difficult to understand.
So the challenge is this: by understanding how these non-approved devices work, you must develop an approach that is capable of interrupting the exchange of data that occurs between the devices and their users.
Given the difficulties Anatel faces in tackling millions of these devices, mostly located inside people’s homes, the winners of the hackathon are unlikely to find success by physically attacking a device with wire, solder, or a modified ROM. Any solution must scale but before that, there’s the question of how to gain mass access to devices.
The masters of access at scale are those who manage to build botnets using malware that users often willingly (although unknowingly) install themselves because they believe the software does something else. Coincidentally or not, for many years Brazil has been heavily targeted by botnets running on cheap, compromised Android set-top boxes.
According to a report from cybersecurity firm ESET, malware that disproportionately targets Brazil regularly arrives disguised as legitimate or illegitimate streaming apps.
Further research shows that the dangers cited by Anatel relate directly to this type of malware, including the ability to infect other devices in a network, typically cheap IoT devices with poor security. Cybersecurity companies charge millions of dollars to solve problems smaller than this.
Winners’ Rewards
Anyone interested in registering has until September 20th to fill in their details on the official Hackathon Brasil site and for those who come out on top at the end of the event, prizes are as follows:
When converted to United States dollars, the winners receive ~US$1200, second place ~US$530, and third place ~US$350, and after reading the small print and the event regulations (pdf), a few things deserve to be highlighted.
This is a team event and the minimum team size is four. So if a four-person team wins by solving what appears to be a critical problem faced by Brazil on the security side, and national and international rightsholders on the other, all members stand to pocket $300 each. Come third with a six-person team and each member will receive just under $60.00, or $30 for each day’s work.
Intellectual Property Protection
Of course, everything doesn’t always have to be about money, why can’t we all just have fun for a couple of days and just enjoy ourselves? The answer lies in a concept known as ‘intellectual property’ and the value of that property to those who create it. While the odds are stacked against, the aim here is for the winners to create an extremely valuable piece of intellectual property.
The rules for the event state that all who register for Hackathon TV Box authorize the ‘ORGANIZING COMMITTEE’ (COMISSÃO ORGANIZADORA) to “use, edit, publish, reproduce and disclose, through newspapers, magazines, television, cinema, radio and internet, VHS and CD-ROM, or in any other means of communication, free of charge and without prior or additional authorization, their names, voices, images, projects or companies, both nationally and internationally, for a period of 10 (ten) years.”
The committee is defined as “members and directors of the Hackathon Brasil Community and ANATEL” with a note that “the safeguarding of intellectual property rights, the ideas, arrangements and methods will be the responsibility of the project’s own design team.”
Legal statements exist for a reason and the above seems to grant permission to “use” “free of charge” “the project” “nationally and internationally” “for a period of 10 (ten) years.”
It’s probably just a reference to image/publicity rights; definitely so if the project fails to deliver. In the event a miracle plays out, who knows?