Jungun Ahn, Sueun Jung, Seungwan Yoo, Jungheum Park, and Sangjin Lee, Korea University
Recent developments have led to the emergence of illegal streaming services that are difficult to detect because they are offered only to those who have purchased specific set-top boxes. Even when such infringements are identified, the hardware-based nature of the service makes tracking extremely challenging. This paper focuses on analyzing the services provided through one such device, EVPAD. Upon installation, as of January 19, 2025, EVPAD allows users to watch real-time broadcasts of 1,260 channels from 18 countries and access 24,934 VoD contents, including Netflix and Disney Plus, as well as locally produced broadcasts. Through reverse engineering and detailed analysis, we identified 131,175 unique users and 78 servers dedicated to providing illegal streaming services over the course of two months. Beyond copyright infringement, EVPAD devices distributed worldwide could be misused by operators for cyberattacks. This paper proposes two blocking strategies based on EVPAD's service characteristics to curb copyright infringement and track key service nodes to dismantle illegal services and prevent potential cyber threats.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Jungun Ahn and Sueun Jung and Seungwan Yoo and Jungheum Park and Sangjin Lee},
title = {Watch Out Your {TV} Box: Reversing and Blocking a {P2P-based} Illegal Streaming Ecosystem},
booktitle = {34th USENIX Security Symposium (USENIX Security 25)},
year = {2025},
isbn = {978-1-939133-52-6},
address = {Seattle, WA},
pages = {843--860},
url = {https://www.usenix.org/conference/usenixsecurity25/presentation/ahn},
publisher = {USENIX Association},
month = aug
}
