For decades, cable was king when it came to entertainment. As broadband Internet quickly spread during the 2010s and users wanted to access content from their mobile devices, over-the-top (OTT) media quickly outpaced cable. Today, there are over 600 million OTT subscribers globally. This industry generates over $100 billion in annual revenue, a figure that is expected to top $332 billion by 2025.

In this fast-paced industry, providers face two key challenges. On one hand, to retain customers, they develop proprietary solutions that must be kept safe from the prying eyes of competitors; on the other, piracy is also growing, putting providers at risk of noncompliance with content rights owners and costing them a good chunk in lost revenue.

The Critical Value of Intellectual Property (IP)

At a time when competition in OTT is at an all-time high, customer retention is the order of the day. This has prompted providers to invest in proprietary solutions to enhance buffering, analytics, or even the experience of using the player.

Because modern OTT platforms are developed in JavaScript and HTML5, which provides countless benefits for the provider, the logic of these proprietary solutions is left exposed on the client side. This means that a competitor can readily debug the code to uncover these novel developments. Providers are taking the necessary steps to protect this exposed JavaScript and HTML5 and avoid losing the upper hand.

Stopping Piracy, Filling The Security Gap

Losses from piracy are expected to grow from $9.1 billion (2019) to $12.5 billion (2024), urging providers to employ advanced solutions to minimize their exposure to content leaks.

DRM, a widely used anti-piracy layer, ensures that content can only be accessed by rightful users. However, it doesn’t provide any further protection when the content reaches the user’s display — meaning that malicious users can capture the content and redistribute it.

Forensic watermarking helps solve this issue by embedding subscriber info into content, enabling providers to block leaking accounts after leaked content is found in the wild. Modern watermarking solutions use a client-side JavaScript agent, an approach far superior to server-side watermarking. However, this client-side agent is exposed to attacks. By tampering with the logic of the watermarking agent, attackers can bypass the watermark and leak content without it being traceable.

“The only watermarking implementation that makes sense today is client-side. Adding code protection must be a standard step for maximum resilience.”

Answering all the identified security threats meant getting the best possible JavaScript and HTML5 code protection. At the core of this technology is polymorphic obfuscation. With this protective layer, providers concealed their source code beyond possible recognition. In addition, with a code hardening feature, providers were also able to ensure that no tool was capable of reverse-engineering their protected code. And thanks to the inherent polymorphism, each new protected build yields a different output, an extra line of defense against reverse engineering and attack automation attempts.

A Self-Defending layer will prevent more determined attackers from debugging or tampering with the code. This is done by scattering integrity checks throughout the code that are triggered when attackers open a debugger or make any change to the source code. When that happens, countermeasures are triggered, such as breaking the app, redirecting attackers, or issuing a custom callback. This Self-Defending layer is crucial both for preventing intellectual property theft and for stopping attackers’ attempts to bypass the watermarking agent.
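
The integrity-check-plus-countermeasure pattern described above, shown as an added example (not code from the original article or from any protection product). All function names are hypothetical, and the agent and the modification applied to it are constructed stand-ins.

```javascript
// Added illustration; every name here is hypothetical, not a vendor API.

// FNV-1a 32-bit: a cheap fingerprint of a function's source text (not cryptographic).
function fingerprint(fn) {
  const src = Function.prototype.toString.call(fn);
  let h = 0x811c9dc5;
  for (let i = 0; i < src.length; i++) {
    h ^= src.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return h >>> 0;
}

// Constructed stand-in for a client-side watermarking agent.
function createAgent() {
  return {
    applyWatermark(frame, subscriberId) {
      return `${frame}|wm:${subscriberId}`;
    },
  };
}

// Wrap a call site so the agent method is verified before every use.
// `expected` would be fixed at build time; `onTamper` is the custom callback.
function guardedCall(agent, method, expected, onTamper) {
  return (...args) => {
    const fn = agent[method];
    if (typeof fn !== "function" || fingerprint(fn) !== expected) {
      onTamper({ method, at: Date.now() });                 // countermeasure 1: report
      throw new Error(`integrity check failed: ${method}`); // countermeasure 2: break the app
    }
    return fn.apply(agent, args);
  };
}

// Exercise the guard on an untouched agent, then on a modified one.
function demo() {
  const agent = createAgent();
  const expected = fingerprint(agent.applyWatermark);
  const reports = [];
  const render = guardedCall(agent, "applyWatermark", expected, (r) => reports.push(r.method));

  const clean = render("frame-001", "sub-42");
  agent.applyWatermark = (frame) => frame; // constructed modification: mark dropped
  let blocked = false;
  try { render("frame-002", "sub-42"); } catch (e) { blocked = true; }
  return { clean, blocked, reports };
}
```

A single guard like this is only a building block: the layer the article describes scatters many such checks through obfuscated code so that no one check is a single point of failure.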