ciso-platform-annual-summit-2013-Attacks on smart tv

Presented by Martin Herfurt at the CISO Platform Annual Summit, 2013. Martin did a lot of work in the field of Bluetooth security when he founded the trifinite.group in 2004. Currently he is working for the German IT-security firm n.runs professionals while also managing his new venture, toothR.


  1. Security Issues with Hybrid Broadcast Broadband TV (HbbTV) – Watching TV suddenly is fun again! (© 2013, n.runs professionals GmbH – Security Research Team, Martin Herfurt)
  2. Who am I
     • Martin Herfurt
     • Security Consultant working with n.runs
     • Co-founder of trifinite.org
     • Bluetooth security expert
     • @mherfurt
  3. SmartTV Security Overview
     • December 2012: ReVuln – USB/local attacks on Samsung Smart TV
     • March 2013: CanSecWest – Smart TV Security (great talk, but excluding HbbTV stuff) (SeungJin Lee, Seungjoo Kim)
     • May 2013: (TU Darmstadt) HbbTV privacy issues (Marco Ghiglieri, Florian Oswald, Erik Tews)
     • June 2013: Security Issues with HbbTV
     • August 2013: Attacking Smart TVs via apps (Aaron Grattafiori, Josh Yavor)
  4. HbbTV Background
     • Pan-European effort
     • HbbTV = H4TV (fr) + HTML Profil (de)
     • ETSI TS 102796 (published in June 2010)
     • Adopts existing specifications
       – HTML-CE (Web for Consumer Electronics)
       – OIPF (Open IPTV Forum)
     • Goal is to combine broadcast content with online content
  5. DVB Stream – Plain Old DVB
  6. Augmented DVB Stream – Hybrid Broadband Broadcast TV
  7. The Red Button
  8. SevenOne Media
  9. What you think you see
  10. What you are really seeing
  11. How is the Red Button displayed?
     • TV has a DAE (browser)
     • Content from a URL carried within the DVB stream
     • Overlay on the actual TV image
     • Mostly transparent web page
  12. Data Collection
     • Extraction of channel list
     • Transparent proxy setup
     • Script for switching channels via IP
  13. Stations with HbbTV on Astra 19.2E – List was generated on 9th of May 2013 with no CI modules except HD+ in use (e.g. no SKY)
  14. Subset of Stations using Google Analytics – RTL2 uses a service called etracker.com. Sometimes mechanisms for periodical tracking are in use (transparent page refresh).
  15. Possible Injection Vectors (diagram: augmented DVB stream)
  16. What Would Dr. Evil Do?
  17. Watering Hole Attacks – sometimes very likely. Server banner shown on the slide: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_gzip/1.3.26.1a
  18. Content Injection
  19. Rogue Video Display
  20. Spoofing News Tickers
  21. Attacks on DNS
  22. Possible Attacks (JavaScript)
     • OIPF objects
       – contain device-specific (and maybe personal) information (see Open IPTV Forum standard) like channel lists etc.
       – not everything from the standard is implemented
     • HTML/JavaScript
       – time-based scan of home networks
       – transmit information to an arbitrary Internet location
       – You name it!
     • Recycle known malicious JavaScript code!
       – Google Dorks
  23. (image only)
  24. Countermeasures
  25. Unplug SmartTV
  26. Use a Firewall
  27. Block Domain Name Service
  28. HAL – To Serve & Protect
  29. Thank You! Find more on: blog.nruns.com
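As an added example (not part of the talk or of n.runs' own tooling), the data-collection and tracking findings of slides 12 to 14 can be reproduced offline as a privacy audit of a TV's HbbTV traffic. The script assumes a transparent-proxy log in a constructed format (`<epoch> <channel> <url>`, the channel tag coming from a channel-switching script as on slide 12) and uses constructed sample URLs and channel names; it reports which tracker hosts named in the talk (google-analytics.com, etracker.com) each channel's HbbTV page contacts and spots the "transparent page refresh" tracking mechanism by looking for URLs re-fetched at a steady interval.

```python
# Added example, not from the talk. Constructed log format: "<epoch> <channel> <url>".
import re
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlparse

# Tracking services the talk names: Google Analytics and etracker.
TRACKER_SUFFIXES = ("google-analytics.com", "etracker.com")
# Constructed sample: RTL2's page refreshes every 30 s and pings etracker each
# time; ZDF loads Google Analytics once; ARTE contacts no tracker.
SAMPLE_LOG = """\
1368086400 RTL2 http://hbbtv.rtl2.example/red/index.html
1368086401 RTL2 http://www.etracker.com/cnt.php?et=abc
1368086430 RTL2 http://hbbtv.rtl2.example/red/index.html
1368086431 RTL2 http://www.etracker.com/cnt.php?et=abc
1368086460 RTL2 http://hbbtv.rtl2.example/red/index.html
1368086461 RTL2 http://www.etracker.com/cnt.php?et=abc
1368086500 ZDF http://hbbtv.zdf.example/start/index.html
1368086501 ZDF http://www.google-analytics.com/__utm.gif?utmac=UA-1
1368086600 ARTE http://hbbtv.arte.example/app/index.html
"""
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+)$")

def parse_log(text):
    # -> [(epoch, channel, url)]; malformed lines are skipped, not fatal
    return [(int(m[1]), m[2], m[3])
            for m in map(LINE_RE.match, text.splitlines()) if m]

def is_tracker(host):
    return any(host == s or host.endswith("." + s) for s in TRACKER_SUFFIXES)

def trackers_by_channel(rows):
    # channel -> sorted tracker hosts contacted while tuned to that channel
    hits = defaultdict(set)
    for _, channel, url in rows:
        host = urlparse(url).hostname or ""
        if is_tracker(host):
            hits[channel].add(host)
    return {c: sorted(h) for c, h in hits.items()}

def periodic_refreshes(rows, min_hits=3, jitter=2.0):
    # url -> mean gap (s) for URLs re-fetched >= min_hits times at a steady
    # interval: the "transparent page refresh" tracking mechanism
    stamps = defaultdict(list)
    for ts, _, url in rows:
        stamps[url].append(ts)
    found = {}
    for url, ts_list in stamps.items():
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if len(ts_list) >= min_hits and pstdev(gaps) <= jitter:
            found[url] = round(mean(gaps))
    return found
```

Run against a real proxy log, the per-channel tracker map is the table behind slide 14, and the refresh detector shows which stations keep reporting while the TV sits idle on a channel.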
