In 2012, Yeh and Tsaur proposed an advanced scheme for access control in mobile pay-TV systems based on pairing and elliptic curve, which were inherent in the cryptography of Sun and Leu's scheme. In their paper, they pointed out two weaknesses in Sun and Leu's scheme and tried to overcome these weaknesses. However, we still found that Yeh and Tsaur's scheme was not secure. In this research, we will show that an attacker who obtains an obsolete, previous session key can easily break Yeh and Tsaur's scheme. The analysis shows that Yeh and Tsaur's scheme is not secure for practical applications.