Security Review: iTunes Movie Rentals

By robert at 7:27 pm on February 3, 2008 | 2 Comments

Recently, Apple unveiled a new system that allows customers to browse the iTunes store and “rent” selected movies for a smaller fee than it would cost to purchase them. This fee also happens to be slightly more than one would pay for renting from a video store, but convenience isn’t cheap. The iTunes rental system allows customers to download a video and store it for up to 30 days, but the movie must be watched within 24 hours of starting it. 24 hours after starting the movie, it is removed from the iTunes library.

Assets

The backing of the movie studios is a huge asset to Apple if they want to continue making movies available for rental online. Movies studios will only continue backing Apple if they feel thatI people are paying for the movies that they download, and that, once downloaded, the movies expire after a certain amount of time.

Customer trust could also be considered an asset. By making customers feel that their identity is safe with Apple, customer trust can be protected.

The credit card number of customers also need to be protected. The goal in protecting this asset would be twofold – one goal is to protect the pocketbooks of the consumers, but another goal is to protect Apple’s reputation as a legitimate player in the online marketplace.

Adversaries/Threats

Identity thieves are one adversary that is common to all online marketplaces. The threat is that someone might be able to collect credit card and/or iTunes store login information as it is being sent over the wire from a customer’s computer to an Apple server.

Customers who want to keep a movie for longer than 24 hours should likely be considered adversaries as well. The thread here is that if customers can circumvent the 24 hour limitation on watching the movie, then movie studios won’t be as inclined to offer movies for rent through iTunes.

Weaknesses

Local storage. The fact that the movie is stored on the customer’s machine once it is downloaded is a weakness of the system. It allows attackers more freedom to “play” and an easier time to deconstructing the videos to learn about their encryption and safeguards.

Network connection. In order for a transaction to occur, some sensitive information has to be transmitted from the customer’s computer to an Apple server somewhere far, far away.

Time-based system. The fact that the rental system is based on a time limit is a weakness of the system. Computer times change (or can be changed), people move between time zones, and it’s possible that the inconstancy of time on the computer could be used to extend rental periods indefinitely.

Defenses

Encryption of sensitive data. When transferring data across the wire, a strong encryption scheme should be (and probably is) used to protect the integrity and the contents of the data being transferred.

Server-side timestamps. When a video is requested for rental from the store, the remote server could store the time the video download was completed, and then iTunes could ask the server periodically whether or not the rental should still be active. This wouldn’t work if someone were to cut off access to the Internet from their computer, but the assumption would be that they wouldn’t be able to keep the computer unplugged indefinitely. This could also be combined with checking of timestamps on the client side to make a very robust system.

Risks

The risk involved in sending sensitive information (e.g. credit card numbers) across a public network is very real. The likelihood of someone successfully sniffing encrypted data going across the network is likely not very large, but the possible consequences if someone were to successfully decrypt that data are fairly significant. Also, many people live in situations where wireless network connections abound. Sniffing data on a wireless network is much easier than sniffing over a wired network for the casual thief.

It is very likely that someone will come up with a way for customers to circumvent the timeout on downloaded rentals from the iTunes store. However, most customers probably won’t take advantage of an exploit because the either won’t know about it, or will choose not to do so for ethical reasons. The risk of a significant number of users abusing the system is therefore probably low.

Conclusions

Online video rentals are an interesting idea. Given a good system of downloading videos that expire after a fixed amount of time and a good way of transmitting data across a network securely (which I will assume that Apple already has), the market could be lucrative. As the field is relatively new, it is likely that the technologies used to ensure that videos do, in fact, expire after a set amount of time will evolve and become harder to tamper with. Perhaps those technologies might be used to transfer time-sensitive data between corporations at some point in the future.

Filed under: Security Reviews2 Comments »

2 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by robertm2

    February 3, 2008 @ 11:24 pm

    I think the new Itunes Rental store is particularly interesting from a security standpoint since the files are actually downloaded and stored on the users’ computers. It seems like it would be easier to tamper with the system, as opposed to something like a pay-per-view movies through a Comcast box. And it appears that it would be in Apple’s best interest to make sure the movies are protected and are viewed only in its intended way as to not lose the trust from the movie companies.

    As already mentioned, the rentals are based on a time-expiration system and I too wonder how this is implemented. I doubt that iTunes requires an internet connection at all times so that it can check the time against a iTunes server as this would be significantly inconvenient for the customers. So it must depend on the system clock. In which case, if people can figure out a way to tamper with this, it seems that you can at least movies that you can own for a very long time for a cheaper rental price.

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Justin McOmie

    February 3, 2008 @ 11:47 pm

    I hope that the DRM systems for movie rentals prove to be sustainable for Apple and others because, unlike with typical DRM, the DRM that applies to rentals doesn’t exist under false pretenses.

    With typical forms of DRM, such as the DRM applied to all non-rental tracks on the iTunes store, there is the pretense of “ownership” with the purchase. There is no real form of ownership involved however. The only aspect of the arrangement that might be construed as ownership is the conditional right a purchaser has to play their media on up to 5 sanctioned machines.

    With rentals the terms are fairly clear at the outset, and since a point of expiration is pre-agreed by both parties prior to the purchase, there is little need for concern that future changes to the agreement (by Apple or others) might be retroactively applied.

    On the other hand this little nugget from the iTunes “Terms of Service” should interest anyone who has paid for non-rental media from the iTunes Store:

    “Apple reserves the right, at any time and from time to time, to update, revise, supplement, and otherwise modify this Agreement and to impose new or additional rules, policies, terms, or conditions on your use of the Service.”

RSS feed for comments on this post