Schneier on Security
A blog covering security and security technology.
June 16, 2011
Threat Models Colliding at Movie-Theater Projectors
Posted on June 16, 2011 at 7:33 AM
I was disappointed at how un-shocked I was to find out that multiple passwords and specific procedures are required to just change a lens.
Entirely too many machines are getting this sort of "enhanced" security. Try getting a key made at a big home improvement store. They all have those super-automated secure cutting machines, which are apparently impossible to use, or get certified for. There are often ZERO employees at work at a particular time who are authorized to use the machine.
How long till the majority of systems are like this, and it's impossible to get your shirts from the cleaners, or shut down a leaking gas pipe, cause the guy with the passwords is on vacation?
What I don't understand is why the lens change is part of the secured section? How can showing a film with the wrong lens allow copying?
Did you know Wendy is also a folk musician, and does performances at The Cabbage Patch ( http://www.twickfolk.co.uk/ ) pub in Twickenham South West London?
So next time you are in London on a Sunday why not drop by, I'm sure they might let you play 8)
Capture device in the lens bracket?
I don't think the problem is poor engineering, but poor business decisions by management, which in turn forces the engineers to either a) implement the bad decision or, b) seek employment elsewhere. (Where, likely, the process will repeat itself.)
"How can showing a film with the wrong lens allow copying?"
The RealD projection system puts two images up on the screen alternately (just like the old red/green glasses system). However instead of using different colours it uses orthogonal polarisation of the light. The glasses you wear are just like your polarised sun glasses except the lenses are turned 45 degrees clockwise and anticlockwise to give the orthogonal separation.
A polarised light filter removes about 50% of ordinary light (hence the dimming of the projection).
Access to the lens assembly would allow a slightly easier way to copy the movie in 3D.
However it would not be too difficult to use two non 3D HighDef video cameras that have the same frame rate and "sync-lock" and make an appropriate polarisation detector trigger for it.
A funny play on Bastiat's "That Which is Seen, and That Which is Not Seen". In this case, what is not seen is that the movie is not seen (not well, anyway). This problem of unintended consequences was well articulated in 1850 - http://bastiat.org/en/twisatwins.html
The pirate vs pay choice always applies. Now in addition to expensive soda, an entire lack of alcohol (in Australia and all other uncivilised countries), and "trailers" you get less light. Cinemas aren't a good option unless you want to see the movie soon after it's released.
When I was in the 18-24 age range I saw all the major movies in the cinema with friends. If the technology that's available now was available then we would have watched youtube videos instead, it's cheaper, more entertaining, you can drink alcohol, and take a break whenever you want.
This caught my attention enough to read the Sony notes about changing a lens and their latest products require a logon and password to make any change at all to the projector (such as turning the lamp off). Sony took pains to point out that you don't need to go into the projector to change the lens, however this might be model dependent.
It's actually the polarization filters that remove most of the light, and they can be removed without trouble (http://www.badassdigest.com/2011/05/28/agreeing-and-disagreeing-with-roger-ebert-on-dim-projection):
"If we are running a complex schedule with 2D and 3D on the same screen on the same day, however, we DO leave in the dual 3D lens for the 2D presentations. However, we DO remove the polarizing filters from in front of the lenses for 2D screenings. The polarizing filters are what drastically reduce the light. You can have great 2D presentation with the 3D Sony lens PROVIDED YOU REMOVE THE POLARIZING FILTERS. The problem of low light levels referenced in the articles above point to the 3D lens as being the culprit. That is not the case. The problem is the filters and you can rest assured that these are removed any time we are showing a 2D film with a 3D lens."
@Clive Robinson, Re: Copying 3D
RealD uses circular polarization, not the old-school linear polarization. That's why you can tilt your head when watching RealD films. I think I saw Coraline with linear polarization though, so this is a fairly new development.
Copying with a video camera doesn't need to sync lock or detect polarization at all -- just put glasses (or just their lenses) on a pair of cameras.
Pirating from a film reel is done by running the reel through a machine similar to a projector whose sole purpose is to copy film to a digital format -- telecine.
I would imagine that to copy a 3D film you would copy from the projector (and here you would want to sync your framerate so you could get the 3D value) you would remove the lens and install your own lens+recording device then play the film onto that rather than the screen. (This would be an off-hours operation surely.)
Nowadays I think most of the pirate film versions of new releases are off of screeners though. (Old releases are DVD rips.)
So what happened to using strangely shaped screw heads to prevent removal of objects?
Like those three-pointed "Phillips" heads, and five-pointed Torx bits that have a hole in the center to accommodate the pin in the bottom of the screw head.
Of course they don't use film these days, instead they just send a hard drive to each cinema, DRM infested of course (this is Hollywood we're talking about here) but I'm sure it's breakable.
Part of the reason you get ripped off by cinemas on drinks is because they just don't make much off the ticket sales when the movies first come out (and the previews and ads are also for the same purpose) while the alcohol bans are because more rational people who don't drink beer would greatly prefer not to have the movie interrupted by drunken idiots.
Blame the greedy movie studios for taking most of the ticket sales when it first comes out (and thus when people see it before they hear how bad the movie is from friends).
This may be a problem but how serious is it really? Most cinemas run the same movie in the same theatre for weeks. I assume they have some kind of setup procedure where they could set the lens while they're busy loading the content system. After that, what reason in normal practice is there for changing it? And why would they be doing it immediately prior to a showing and risk the show starting late?
Maybe it's more of an issue for film festivals and so on. I doubt it's a big deal in cineplexes.
Part of the complaint is that even if they're showing a 2D movie for weeks, some theaters will leave the 3D lens in that whole time, because there is no one on site with the requisite technical knowledge to change it.
I'm not sure how many movie theaters switch back and forth between 2D and 3D on the same screen daily, but given that there are many, many non-cineplexes still operating, it's a problem worth paying attention to.
Something not addressed in the linked post, but which is mentioned in one of the articles it links to, is that the worst of this is limited to Sony projectors. Movie theaters may leave other projectors in 3D configuration out of laziness, but Sony is the only one that takes 2-3 hours and requires passwords and an Internet connection. (Or so it is being reported.)
@ Old School,
"So what happened to using strangely shaped screw heads to prevent removal of objects?"
I never used to worry about them because I was taught to make my own tools when I was a student, so it used to take me about a 1/2 hour in the workshop to cut and harden a tool bit.
A flawed security model and operators not entirely up to the job is all it takes for a fine fail.
So is this the first recorded case of a movie-threat plot?
If not a movie-threat plot, perhaps it's security theater.
Are they unauthorized by policy or by technology? It's easy to get a piece of brass stuck in your eye, or injure your hand, if you aren't careful with those machines, so policy has restricted access for a long time.
Maybe the theater could invest in cell phone jamming while they are at it ...
At Last! A REAL movie plot threat
from Hollywood, (I had to say it;)
Our local theatre has cell phone jamming tech
as did our light trains right after
OBL was killed.
I like the comment "In this case, the consequence is unhappy customers and, likely, eventually, loss of business. (For which they will blame file-sharing.)" coupled with the comment in Ebert's blog "Decades ago, it felt a similar danger from radio (it introduced talkies) and television (it introduced wide-screen)."
Does big media have a death wish, or is this just a side effect of only ever focussing on the current quarter's results?
Off topic for this thread, but there's a few good squid photos mixed in with the octopus & cuttlefish ones in this New Scientist gallery http://www.newscientist.com/gallery/...
I read somewhere else that the lens security system was designed when the only reason to pull the lens was to replace it for damage. But unlike a film projector, a digital unit can handle a lot of different formats with firmware updates, and the things are kind of pricey, so theater owners don't want to buy a whole new projector to make it easy to swap lenses when it's _possible_ to do it on the old one... even if it is painful.
So there may be some 'unintended consequences' here, more than 'they knew they needed swappable lenses and still screwed it up'.
My former boss told me a funny story about 9-trk mag tapes, security features, and The Spooks. He and his partner were in a conference, and were discussing media security with The Spooks. They showed The Spooks a 9-trk tape reel, and The Spooks asked about the groove in the bottom of the reel. "It's where you put the write ring. You know, like a cassette tape write tab?" Well, The Spooks then asked if not having the write ring in place would prevent erasure of the tape. When they got the affirmative answer, they then reasoned that if it were impossible to put a write ring in the groove, then the tape could not be erased (in-machine, anyway). Their 'reasoning' led them to suggest that the write ring groove on the tape reel be filled with epoxy to prevent anyone from installing a write ring... :P
I'd hope that anyone who knew anything about halogen bulbs wouldn't think that running one at low voltage would help its lifetime.
If they don't get fully hot, the halogen cycle doesn't work and the bulbs die sooner.
I guess no one noticed the error in the article headline: "Theat" should be "Threat."
Or that "threat" is an anagram of "theatr".
@ Tom (no relation):
The title and theme struck me as being from Henry Hazlitt's "Economics In One Lesson" (1946), and some of the chapter headings and quick-glance content were similar. Opening:
"The "One Lesson" is stated in Part One of the book:
The art of economics consists in looking not merely at the immediate but at the longer effects of any act or policy; it consists in tracing the consequences of that policy not merely for one group but for all groups."
I don't think I ever realized how much Hazlitt was influenced by Bastiat, as Hazlitt himself credits Ludwig von Mises and the Austrian School as having the greatest influence on his work. Thanks for posting that.
For anyone who *really* wants to know why the world is in the economic mess that it's in, whether Greece, Spain, or the rich-but-debt-laden USA, and what needs to change to fix it, Hazlitt's book is on the web:
IMHO, no one should have any say-so in the making of laws anywhere, at any level of government, without at least a familiarity with this work. Obviously, no one in the US Congress except Ron Paul has read it, and certainly, no one in the Obama Administration, nor the one before that, nor the one before that...
Put in verse form:
Clive, the Real3D system uses circular polarization. The old polarized system used the linear polarization. In circular you still get light in the two orthogonal planes but they are out of phase ending up with a left or right hand polarization. The big difference though is that you don't need to keep the glass lenses lined up to the screen to avoid bleeding through from one eye to the other (little ghost images you could see with the old linear polarized glasses) so you can tilt your head, etc and you still get the 3D effect clearly. So this 3D works and doesn't give you headaches.
However, as you say, it still cuts the amount of light reaching each eye since 50% of the light is filtered out for one eye and the other 50% is filtered on the other so in effect each eye only gets half of the light.
@kingsnake: Can't cell phone jam theaters or you lose business from doctors.
Also the FCC will fine you a startlingly large amount of money.
@peter - changing the lens doesn't allow copying but you probably have to open a panel or power the system down to do it - so when you start back up you need a passwd
Situation Normal (SNAFU):
Security will increase until someone actually insists on getting some useful work done.
It's amazing how common such situations are.
Is this colliding threat models or the agency problem? Name me someone at Sony who would a) lose their job if a movie was shown to have been copied by hacking the projectors and b) also lose their job if audience numbers declined?
It's pretty common for people in large organizations to advance their own goals at the expense of the organization as a whole, whether knowingly or otherwise.
Adam: Cinemas tend to put the movies in whichever cinema they think is the right size for the expected audience and if you only show a movie a few times a day they'll use the cinemas for other movies (or at least the one nearest to where I am works like that and it has 8 screens).
On the issue of jamming mobile phones, it is illegal to jam them (pretty much everywhere) but Faraday cages are perfectly legal to build (or at least I'm pretty sure they are) and given that a cinema is meant to be light tight anyway I don't see any problem with just putting some copper mesh in all the walls to block the signal.
Kingsnake: "I don't think the problem is poor engineering, but poor business decisions by management,"
It's ALWAYS management's fault. Always.
Paul: "It's pretty common for people in large organizations to advance their own goals at the expense of the organization as a whole, whether knowingly or otherwise."
Correct. And it's usually management that does this - but not always.
This is the reason when you buy something you can't get the package open without nuking it - the packaging guys were "doing their job".
It's a fascinating security angle -- but as Ebert points out, the real WTF is that Hollywood is investing zillions on 3D being the Next Big Thing; yet of the six 3D films I have seen so far, not one was materially improved by it. You would imagine, for example, that an action movie in 3D would have "jump frights" where an object on screen seems to leap into your lap; but they don't seem to bother. I saw the latest "Pirates" movie in 3D /and/ in 2D; I didn't notice any difference! And yes, in /both/ 2D and 3D versions, the night scenes were so murky you couldn't tell what was going on. I see a lot of films, and I'm now going only to the cinema that doesn't have a 3D projector.
The ObSecurity to this, I guess, is they have been so focussed on specific technical aspects that they are ruining the rest of their business.
Besides which, it is not even 3D, but "3D", a (still) dimensional pseudo representation of three dimensions. It won't be 3D (no quotes), until each individual viewer can rotate the scene through all three axes for a different, personal, view. Not likely in my lifetime ...