Hi d-fens, thanks for sharing.

There are some clever and determined people out there, and this does look like a basic vulnerability.

I once read a post (probably on xda-developers) from a guy who had designed and built a clock glitch inserter that allowed him to crack the image encryption on a NowTV box, which allowed him to convert it into a full Roku box. I think he might have used a power supply side channel attack, too… A lot of these attacks rely on commonly-used bootloaders, giving a way in. I think the Roku/NowTV uses the same bootloader as the TiVo.

Ah, yes; here we are:

Follow the progress through the next few pages, as xXhighpowerXx recovers the AES key, and then gets it to load and run unencrypted images… That’s impressively scary work, and I wouldn’t be surprised if he attracted some ‘official interest’…