SlideShare a Scribd company logo
Sangmin Lee, Minsu Park, Seungjoo Kim
SANE(Security Analysis aNd Evaluation) Lab
Korea University(高麗大學校)
LG vs. Samsung Smart TV:
Which Is Better for Tracking You?
Contents
• Who are we?
• The History of Digital Forensics on Smart TV
• LG webOS 3.0 Smart TV Forensics
• Data Acquisition
• File System & Data Analysis
• Collect LG Smart TV’s digital evidences
• Compare LG with Samsung Smart TV’s Digital Evidences
• Conclusion
• Acknowledgement
• Q&A
• Reference
2 / 56
Who are we?
Sangmin Lee (李相旼)
Sangmin Lee is a master student of SANE(Security Analysis aNd Evaluation) Lab on CIST(Center
for Information Security Technologies) at Korea University. He is most interested in offensive
security about system vulnerabilities and is interested in fields such as digital forensics, security
assessment, and software testing. Also, he participated in projects such as "Security Testing for
External Interfaces of Vehicular Wireless Systems", "Cyber ​​Fast Track related to IoT devices
vulnerabilities analysis" and "WebOS smart TV international security CC(Common Criteria)
certification acquisition." In 2015, he participated as a mentee at BoB(Best of the Best), an
information security leader training program hosted by KITRI(Korea Information Technology
Research Institute). He, in BoB, conducted a project to analyze vulnerabilities in embedded
devices such as routers, IP cameras, Smart home, and SCADA. Also, he presented the project
results at POC(Power Of Community) 2015 on the subject of "What if Fire Sale occurs in
Korea?"
3 / 56
E-mail : leesangmin@korea.ac.kr
Facebook : @leesangmin144
Who are we?
4 / 56
Seungjoo Gabriel Kim* (金昇柱)
E-mail: skim71@korea.ac.kr
Homepage : www.kimlab.net
Facebook, Twitter : @skim71
Prof. Seungjoo Gabriel Kim is a full professor of Undergraduate Department of Cyber Defense /
Graduate School of Information Security in Korea University, a member of CIST(Center for
Information Security Technologies) of Korea University, a vice-director of CW-TEC(Cyber Weapon
Test and Evaluation Center) of Korea University, a head of SANE(Security Analysis aNd Evaluation)
Lab, an advisor of 'CyKor'(Cyber security club at Korea university), a founder/advisory director of a
hacker group, 'HARU' and an international security & hacking conference,' SECUINSIDE'. Prior to
joining a tenure-track faculty member at Korea University in 2011, he was previously an Assistant
& Associate Professor of School of Information and Communication Engineering in
Sungkyunkwan University for 7 years ('04~'11). Before that, he worked as a Team Leader of
Cryptographic Technology Team and (CC-based) IT Security Evaluation Team of KISA(Korea Internet
& Security Agency) for 5 years ('98~'04). He received his B.S. ('94), M.S. ('96), and Ph.D. ('99) in
Information Engineering from Sungkyunkwan University, Korea.
E-mail : minsoon2@korea.ac.kr
Facebook : @bucktae
Minsu Park received his B.S degree in Computer Network from Silla University of Korea, in 2010
and also received his M.S degree in Information Security from Korea University of Korea, in 2013.
He is currently working toward the Ph.D. degree in Information Security, Korea University, Korea.
His research interests include Information Assurance, IoT Security, Digital Forensics and Usable
Security.
Minsu Park (朴珉洙)
*Corresponding Author
5 / 56
Ref : Deloitte
The History of Digital Forensics on Smart TV
6 / 56
▲ it appears to be the first ever published warrant for a smart TV
“That Time Cops Searched A Samsung Smart TV For Evidence Of Child Abuse”
- US Forbes magazine in 2017.
The History of Digital Forensics on Smart TV
7 / 56
[5] “A Review of Smart TV Forensics: Present state & Future Challenges,”
Al Falayleh, Mousa. DIPECC 2013
2013.10.
[3] “Study on Smart TV Forensics,”
Kang, Heesoo, et al., KIISC*
2014.10.
[4] "Forensic analysis of smart TV: A current issue and call to arms,”
Sutherland, Iain, et al., Digital Investigation
2014.06.
[2] "A forensic overview of the LG Smart TV,”
Sutherland, Iain, et al. Australian Digital Forensics Conference
2014.12.
[1] "Smart TV forensics: Digital traces on televisions,”
Boztas, Abdul, et al. Digital Investigation
2015.03.
Related works on Smart TV Forensics
”Further Analysis on Smart TV Forensics,”
Park, Minsu, et al. the Journal of Internet Technology (Accepted for
publication
2016.11.)
*KIISC : Korea Institute of Information Security & Cryptology
The History of Digital Forensics on Smart TV
8 / 56
2013.10.
2014.10.
2014.06.
2014.12.
2015.03.
Related works on Smart TV Forensics
Smart TV Forensics
Concepts
(Accepted for
publication
2016.11.)
[5] “A Review of Smart TV Forensics: Present state & Future Challenges,”
Al Falayleh, Mousa. DIPECC 2013
[3] “Study on Smart TV Forensics,”
Kang, Heesoo, et al., KIISC*
[4] "Forensic analysis of smart TV: A current issue and call to arms,”
Sutherland, Iain, et al., Digital Investigation
[2] "A forensic overview of the LG Smart TV,”
Sutherland, Iain, et al. Australian Digital Forensics Conference
[1] "Smart TV forensics: Digital traces on televisions,”
Boztas, Abdul, et al. Digital Investigation
”Further Analysis on Smart TV Forensics,”
Park, Minsu, et al. the Journal of Internet Technology
*KIISC : Korea Institute of Information Security & Cryptology
The First Experimental Study
on Smart TV Forensics
The History of Digital Forensics on Smart TV
9 / 56
2013. 10.
[5] M. AI. Falayleh
2014. 10.
[3] H.S. Kang
2014. 06.
[4] I. Sutherland
2015. 03.
[1] A. Boztas
2014. 12.
[2] I. Sutherland
The History of Digital Forensics on Smart TV
(accepted for
publication
2016. 11.)
M.S. Park
[5] “A Review of Smart TV Forensics: Present state & Future Challenges,”
Al Falayleh, Mousa., DIPECC 2013
(1) Digital evidences on the Smart TV (2) Challenges facing the Smart TV forensics
[4] "Forensic analysis of smart TV: A current issue and call to arms,”
Sutherland, Iain, et al., Digital Investigation
(1) Data acquisition method on the Smart TV
- Currently, Smart TV is continuously developed
- Can’t use existing forensics tools on the Smart TV
Smart TV uses the
soldered storage device
1. Relevant digital clues
2. Universality of methods and techniques
3. The availability of assistance from the industry
4. The need for specialist knowledge or equipment
10 / 56
Samsung
UN46ES8000(2012)
Target Analysis Process
-> Collecting 9 User’s Action Data on Features of TV & Applications
Testing
Post-
Imaging
Images
Diffing
Pre-
Imaging
Get Root
privilege
Collect
User’s
action data
Using SW
Vulnerability
on Smart TV
The History of Digital Forensics on Smart TV
2013. 10.
[5] M. AI. Falayleh
2014. 10.
[3] H.S. Kang
2014. 06.
[4] I. Sutherland
2015. 03.
[1] A. Boztas
2014. 12.
[2] I. Sutherland
(accepted for
publication
2016. 11.)
M.S. Park
11 / 56
LG
42LS570T-ZB(2012)
Target Analysis Process
LG
55LA740V(2013)
Collect
User’s
action data
Only TV’s
Setting Menu &
Applications
Menu
&
-> Collecting 10 User’s Action Data on TV & Applications Menu
(e.g. Recent History : My Apps -> Home -> Recent)
The History of Digital Forensics on Smart TV
2013. 10.
[5] M. AI. Falayleh
2014. 10.
[3] H.S. Kang
2014. 06.
[4] I. Sutherland
2015. 03.
[1] A. Boztas
2014. 12.
[2] I. Sutherland
(accepted for
publication
2016. 11.)
M.S. Park
12 / 56
Samsung
UE40F7000SLXXN(2013)
Target Analysis Process
-> Collecting about 8 User’s Action Data on Features of TV & Applications
Get Root
privilege
Collect
User’s
action data
Using SW
Vulnerability
on Smart TV
eMMC
access
NFI
toolkit
Failure
Maybe using
diffing between
pre with post
image.
The History of Digital Forensics on Smart TV
2013. 10.
[5] M. AI. Falayleh
2014. 10.
[3] H.S. Kang
2014. 06.
[4] I. Sutherland
2015. 03.
[1] A. Boztas
2014. 12.
[2] I. Sutherland
(accepted for
publication
2016. 11.)
M.S. Park
13 / 56
The History of Digital Forensics on Smart TV
2013. 10.
[5] M. AI. Falayleh
2014. 10.
[3] H.S. Kang
2014. 06.
[4] I. Sutherland
2015. 03.
[1] A. Boztas
2014. 12.
[2] I. Sutherland
(accepted for
publication
2016. 11.)
M.S. Park
Samsung
UN46ES8000(2012)
Target Compare with the previous studies
vs. vs.
2014. 12.
[2] I. Sutherland
2015. 03.
[1] A. Boztas
14 / 56
TV Forensics Concepts
LG
Smart TV
Samsung Smart TV
M Al Falayleh
[5]
I.Sutherland
[4]
I.Sutherland
[2]
H.S.Kang
[3]
A.Boztas
[1]
M.S.Park
Issue Year 2013 2014 2014 2014 2015 2016
Published DIPECC 2013
Digital
Investigation
Australian digital
forensics confer
KIISC* Digital Investigation
The journal of
Internet Technology
Target - -
42LS570T-ZB,
55LA740V
UN46ES8000 UE40F7000SLXXN UN46ES8000
TV’s
Release
Year
- - 2012, 2013 2012 2013 2012
OS - - webOS 2.0 Proprietary OS Proprietary OS Proprietary OS
Data
Acquisition
Method
- -
Failed to
acquire data
Software
Vulnerability
(1-day vuln)
Software
Vulnerability
(1-day vuln)
Software
Vulnerability
(1-day vuln)
Analysis
Procedure
- -
Using only TV’s
functions(config
menu, app info)
(1) Disk Imaging
(2) Diffing
(It’s guessed in the
same way as us)
(1) Disk Imaging
(2) Diffing
*KIISC : Korea Institute of Information Security & Cryptology
The History of Digital Forensics on Smart TV
15 / 56
The History of Digital Forensics on Smart TV
Smart TV Hacking
Hack In Paris 2017
“Are you watching TV now? Is It real?: Hacking of smart TV with 0-day"
LG Smart TV
16 / 56
The History of Digital Forensics on Smart TV
Smart TV Hacking
Black Hat USA 2013
▼“Hacking, Surveilling, and deceiving victims on Smart TV” ▼“The Outer Limits: Hacking A Smart TV”
Online community on the Samsung TV Firmware ▶
Samsung Smart TV
17 / 56
Common Criteria on the Smart TV
The History of Digital Forensics on Smart TV
Study a PP(Protection Profile) for Smart TV
(2014)
LG Smart TV LG Smart TV
How to obtain CC Certification of Smart TV
(2017)
18 / 56
Common Criteria on the Smart TV
Samsung Smart TV Security Solution
(received CC EAL1 certification)
LG Smart TV Application Security Solution
(received CC EAL2 certification)
The History of Digital Forensics on Smart TV
LG Smart TV Samsung Smart TV
LG webOS 3.0 Smart TV Forensics
- Data Acquisition
- File System & Data Analysis
- Collect LG Smart TV’s digital evidences
Target - LG webOS 3.0 Smart TV
20 / 56
- Model : 43UH6810
- OS : webOS 3.0
- Firmware : 4.30.85 (17.04.19)
(Latest version is updated
on 17.10.28)
Target - LG webOS 3.0 Smart TV
21 / 56
• webOS is a mobile operating system acquired by HP for use in various products
manufactured by LG.
• LG announces products that use webOS at CES every year.
• Currently, Smart TV, SmartWatch(Urbane), and Refrigerator produced in LG have used the
webOS.
What is webOS?
LG webOS 3.0 Smart TV Forensics
- Data Acquisition
- File System & Data Analysis
- Collect LG Smart TV’s digital evidences
Data Acquisition
23 / 56
laborious work
(In general, Smart TV’s cost over $1000.)
Invasive Physical Data Acquisition
=> Data Acquisition through application vulnerabilities
- But, Smart TV uses soldered storage devices & Disable JTAG, UART port
Data Acquisition
24 / 56
Known Vulnerabilities (1-day)
Using application vulnerability to acquire data
Obtain accessible
privilege to filesystem
Unknown Vulnerabilities (0-day)
Data Acquisition
25 / 56
• webOS emulator for developers
1) Connect to TV’s SSH services
2) Remote app installation on TV
3) Remote app execution
4) …
Attack Vector
Hack In Paris 2017 – LG webOS Smart TV’s 0-day
“Are you watching TV now? Is It real?: Hacking of smart TV with 0-day"
Data Acquisition
26 / 56
Connection to TV through SSH
Data Acquisition
27 / 56
Obtain root privilege with Command Injection
Data Acquisition
28 / 56
How can achieve the integrity of original data when
data is acquired via rooting?
e.g. Smartphone’s Digital Forensics
Partition
boot
recovery
cache
system
userdata
sdcard
Partitions affected by the vulnerabilityPartitions that achieve integrity
Available as digital evidences
Data Acquisition
29 / 56
How can achieve the integrity of original data when
data is acquired via rooting?
e.g. Smartphone’s Digital Forensics
boot
recovery
cache
system
userdata
sdcard
Partitions affected by the vulnerabilityPartitions that achieve integrity
Available as digital evidences
Partition
Partition
Data Acquisition
30 / 56
How can achieve the integrity of original data when
data is acquired via rooting?
e.g. Smartphone’s Digital Forensics
boot
recovery
cache
system
userdata
sdcard
Partitions affected by the vulnerabilityPartitions that achieve integrity
Available as digital evidences
Data Acquisition
31 / 56
as in the case of the United States, there will be a social debate on using a vulnerability to
acquire original data against smart TV as the need for smart TV forensics increases.
In case of Smart TV,
① The use of partitions is ambiguous. Therefore, the vulnerability affects most partitions.
(It is corresponding to not only our study but also existing studies)
② Integrity can be considered on a folder-by-folder basis, not a partition.
So, I think…
How can achieve the integrity of original data when
data is acquired via rooting?
LG webOS 3.0 Smart TV Forensics
- Data Acquisition
- File System & Data Analysis
- Collect LG Smart TV’s digital evidences
Data Analysis – File System
33 / 56
Partition Path File system
/dev/mmcblk0p15 ~
/dev/mmcblk0p35
- -
/dev/mmcblk0p50
/mnt/lg/db8 ext4
/var/db ext4
/dev/mmcblk0p51
/home ext4
/mnt/lg/cmn_data ext4
/mnt/lg/flash/data ext4
/mnt/lg/user ext4
/var ext4
/mnt/lg/cache/flash ext4
/mnt/lg/cache/sdp ext4
/mnt/lg/cache/browser ext4
/mnt/lg/cache/webbrowser ext4
/var/palm/jail/com.webos.app.browser/var/luna/preferences
ext4
(read only)
/var/palm/jail/com.webos.app.browser/mnt/lg/cache/webbrowser ext4
/var/palm/jail/com.webos.app.browser/mnt/lg/cmn_data/admanager/cache
ext4
(read only)
/dev/mmcblk0p52
/mnt/lg/appstore ext4
/media ext4
/var/palm/jail/com.webos.app.browser/media/internal ext4
Data Analysis
34 / 56
Data
Acquisition
&
File System
Analysis
Pre-
Imaging
Functions
Testing
Post-Imaging
Comparing
pre-Image with
post-image
Collect
User’s Action
① ② ③ ④ ⑤
Other function tests OR The function re-tests
Process of Data Analysis
LG Smart TV
(43UH6810)
Analysis Computer
(1) Connect to ssh of TV with root perm
(2) Upload Image.py scripts through tftp & execute
(3) Disk image on …/usb/sda/sda1/[images].[time].dd
(4) Sending Image file
& $ rm ../usb/sda/sda1/*
Smart TV’s Disk Imaging Environment
Data Analysis
35 / 56
② Pre-Imaging ④ Post-Imaging③ Functions Testing
Example) Steps ② ~ ④ - Disk Imaging & Testing
Data Analysis
36 / 56
Example) Step ⑤ - Compare Pre-Image with Post-Image (diffing)
(1) $ diff –rNd ~/pre_image ~/post_image
(2) Using Beyond Compare, Windump to binary diffing
Data Analysis
37 / 56
Example) Step ⑤ - Compare Pre-Image with Post-Image (diffing)
(1) $ diff –rNd ~/pre_image ~/post_image
(2) Using Beyond Compare, WinHex to binary diffing
Plain Text File
Binary File
Data Analysis
38 / 56
Example) Step ⑤ - Compare Pre-Image with Post-Image (diffing)
(1) $ diff –rNd ~/pre_image ~/post_image
(2) Using Beyond Compare, WinHex to binary diffing
pre-image post-image
LG webOS 3.0 Smart TV Forensics
- Data Acquisition
- File System & Data Analysis
- Collect LG Smart TV’s digital evidences
Collect LG Smart TV’s digital evidences
40 / 56
12 User’s Actions (First check : 18 July 2017, Last check : 14 Oct 2017)
# User’s Action Path
1 Last TV On time /mmcblk0p50/vardb/main/LOG
2 TV Channel List
/mmcblk0p51/epg/db/PBS_OFF_DB_0_4.db
/mmcblk0p51/epg/tuner_favorite_move_index.txt
3 External Storage Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
4 TV ON/OFF Reservation /mmcblk0p51/var/luna/preferences/time
5
Hardware Connection
Information
/mmcblk0p51/var/lib/webappmanager3/LocalStorage/file_com.webos.ap
p.inputmgr_0.localstorage
6 Installed App Information /mmcblk0p52/cryptofs/apps/usr/lib/opkg/status
7 Internet History /mmcblk0p51/webbrowser/chrome/Default/Bookmarks, Prefer*, History
8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
9 App Install History /mmcblk0p51/var/luna/data/downloadhistory.db
10 Checking Captured Image /mmcblk0p52/captureTV
11 Last time app opened
/mmcblk0p51/var/lib/webappmanager3/LocalStorage/https_kr.lgrecomm
ends.lgappstv.com_0.localstorage
12 Connected Wifi Infomation /mmcblk0p51/var/lib/connman/*
Collect LG Smart TV’s digital evidences
41 / 56
12 User’s Actions (First check : 18 July 2017, Last check : 14 Oct 2017)
# User’s Action Path
1 Last TV On time /mmcblk0p50/vardb/main/LOG
2 TV Channel List
/mmcblk0p51/epg/db/PBS_OFF_DB_0_4.db
/mmcblk0p51/epg/tuner_favorite_move_index.txt
3 External Storage Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
4 TV ON/OFF Reservation /mmcblk0p51/var/luna/preferences/time
5
Hardware Connection
Information
/mmcblk0p51/var/lib/webappmanager3/LocalStorage/file_com.webos.ap
p.inputmgr_0.localstorage
6 Installed App Information /mmcblk0p52/cryptofs/apps/usr/lib/opkg/status
7 Internet History /mmcblk0p51/webbrowser/chrome/Default/Bookmarks, Prefer*, History
8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
9 App Install History /mmcblk0p51/var/luna/data/downloadhistory.db
10 Checking Captured Image /mmcblk0p52/captureTV
11 Last time app opened
/mmcblk0p51/var/lib/webappmanager3/LocalStorage/https_kr.lgrecomm
ends.lgappstv.com_0.localstorage
12 Connected Wifi Infomation /mmcblk0p51/var/lib/connman/*
Collect LG Smart TV’s digital evidences
42 / 56
# User’s Action Path
1 Last TV On time /mmcblk0p50/vardb/main/LOG
Collect LG Smart TV’s digital evidences
43 / 56
# User’s Action Path
3 External Storage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
Collect LG Smart TV’s digital evidences
44 / 56
# User’s Action Path
3 External Storage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
File Name that exists
on the external storage
USB Serial Number
Unknown Strings
USB Serial Number Serial Number
Check Serial Number on my Mac
Collect LG Smart TV’s digital evidences
45 / 56
# User’s Action Path
3 External Storage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
Compare LG with Samsung
Smart TV’s Digital Evidences
Compare LG with Samsung Smart TV’s Digital Evidences
47 / 56
LG Smart TV Samsung Smart TV
Our research I.Sutherland [2] H.S.Kang [3] A.Boztas [1]
Issue Year - 2014 2014 2015
Published -
Australian digital
forensics confer
KIISC* Digital Investigation
Target 43UH6810
42LS570T-ZB,
55LA740V
UN46ES8000 UE40F7000SLXXN
TV’s
Release Year
2016 2012, 2013 2012 2013
OS webOS 3.0 webOS 2.0 Proprietary OS Proprietary OS
Data
Acquisition
Method
Software
Vulnerability
(1-day vuln)
Failed to
acquire data
Software
Vulnerability
(1-day vuln)
Software
Vulnerability
(1-day vuln)
Data Analysis
Main
Procedure
(1) Disk Imaging
(2) Diffing
Using only TV’s
functions(config
menu, app info)
(1) Disk Imaging
(2) Diffing
(It’s guessed in the
same way as us)
*KIISC : Korea Institute of Information Security & Cryptology
Compare LG with Samsung Smart TV’s Digital Evidences
48 / 56
LG Smart TV Samsung Smart TV
Our research H.S.Kang [3] A.Boztas [1]
Issue Year - 2014 2015
Published - KIISC* Digital Investigation
Target 43UH6810 UN46ES8000 UE40F7000SLXXN
TV’s
Release Year
2016 2012 2013
OS webOS 3.0 Proprietary OS Proprietary OS
Data
Acquisition
Method
Software Vulnerability
(1-day vuln)
Software
Vulnerability
(1-day vuln)
Software
Vulnerability
(1-day vuln)
Data Analysis
Main
Procedure
(1) Disk Imaging
(2) Diffing
(1) Disk Imaging
(2) Diffing
(It’s guessed in the
same way as us)
*KIISC : Korea Institute of Information Security & Cryptology
Compare LG with Samsung Smart TV’s Digital Evidences
49 / 56
User’s Actions about features of TV
User’s Action
LG Smart TV Samsung Smart TV
Our research H.S.Kang [3] A.Boztas [1]
Last TV On Time O O X
TV Channel List O O O
External Storage Usage History O O O
O : Discover the user’s action on the TV
X : Not discover user’s action or not exist on the TV
Compare LG with Samsung Smart TV’s Digital Evidences
50 / 56
User’s Actions about applications
User’s Action
LG Smart TV Samsung Smart TV
Our research H.S.Kang [3] A.Boztas [1]
Installed App Information O O O
Internet History O O O
Recently Service Usage History O O O
Checking captured images O
X
(There’s no capture
func)
X
(There’s no capture
func)
O : Discover the user’s action on the TV
X : Not discover user’s action or not exist on the TV
Compare LG with Samsung Smart TV’s Digital Evidences
51 / 56
User’s Actions about system configuration
User’s Action
LG Smart TV Samsung Smart TV
Our research H.S.Kang [3] A.Boztas [1]
Connected Wifi Information O O X
O : Discover the user’s action on the TV
X : Not discover user’s action or not exist on the TV
Compare LG with Samsung Smart TV’s Digital Evidences
52 / 56
User’s Actions that exists for each Smart TV only
User’s Action
LG Smart TV Samsung Smart TV
Our research H.S.Kang [3] A.Boztas [1]
TV ON/OFF Reservation O X X
Hardware Connection Information O X X
Last time app opened O X X
App Install History O X X
Latest Watched TV Channel X O X
Camera Usage
X
(There’s no camera)
O X
Log policy configuration file X O X
Request information
In the cloud app
X
(There’s no cloud
app)
X
(Maybe there’s no
cloud app)
O
O : Discover the user’s action on the TV
X : Not discover user’s action or not exist on the TV
Conclusion
Conclusion
54 / 56
• Data Acquisition by obtaining root privilege
• Analyze data pre-imaging, testing, and post-Imaging
comparisons
• Features of TV : 5 user’s actions
• Pre-installed applications : 6 user’s actions
• System configuration : 1 user’s action
• Comparison of LG and Samsung Smart TV
• Because physical methods are laborious, data acquisition
in a logical way
• The large classification of user’s actions is similar
• User’s Actions have different depths
• Physical characteristics of Smart TV, such as camera presence
• Similar functionalities of are implemented differently
Acknowledgement
55 / 56
This work was supported by Institute for Information & communications
Technology Promotion(IITP) grant funded by the Korea government(MSIP)
(R7117-16-0161,Anomaly detection framework for autonomous vehicles)
Q&A
Reference
Reference
[1] Boztas, Abdul., A. R. J. Riethoven., and Mark Roeloffs. "Smart TV forensics: Digital traces on televisions." Digital Investigation 12
(2015): S72-S80.
[2] Sutherland, Iain, et al. "A forensic overview of the LG Smart TV." (2014).
[3] Kang, Heesoo., Minsu Park., and Seungjoo Kim. "Study on Smart TV Forensics." Journal of the Korea Institute of Information Security
and Cryptology 24.5 (2014): 851-860.
[4] Sutherland, Iain., Huw Read., and Konstantinos Xynos. "Forensic analysis of smart TV: A current issue and call to arms." Digital
Investigation 11.3 (2014): 175-178.
[5] Al Falayleh, Mousa. "A review of smart tv forensics: Present state & future challenges." The International Conference on Digital
Information Processing, E-Business and Cloud Computing (DIPECC). Society of Digital Information and Wireless Communication, 2013.
[6] “That Time Cops searched A Samsung Smart TV For Evidence Of Child Abuse”, https://goo.gl/YrQhXV
[7] “LG Electronics Acquires webOS from HP to Enhance Smart TV”, https://goo.gl/BKG6G6
[8] Lee, Jonghoo., Mingeun Kim. “Are you watching TV now? Is it real?”, Hack in Paris 2017, https://goo.gl/Do51Zj
[9] Lee, Seungjin., and Seungjoo Kim. "Hacking, surveilling and deceiving victims on smart tv." Blackhat USA (2013).
[10] Grattafiori, Aaron., and Josh Yavor. “The Outer Limits: Hacking A Smart TV.” Blackhat USA (2013).
[11] SamyGo forum, “https://www.samygo.tv/”
[12] Park, Minsu, et al. “Developing a Protection Profile for Smart TV”, ICCC 2014, https://goo.gl/P7yNTv
[13] Application Security Solution V1.0 for LG webOS TV[Certification Report], https://goo.gl/jpH2HE
[14] Samsung Smart TV Security Solution V1.0[Certification Report], https://goo.gl/dNgvZA
[15] LG webOS TV Developer, http://webostv.developer.lge.com/

More Related Content

What's hot

OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
The information security audit
The information security auditThe information security audit
The information security audit
Dhani Ahmad
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptography
Rahulprasad Yadav
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
Slamet Ar Rokhim
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)
Wail Hassan
 
cyber security
cyber security cyber security
cyber security
sumitbajpeyee
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
Dharmesh Makwana
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Chitra Mudunuru
 
Defense in Depth – Your Security Castle
Defense in Depth – Your Security CastleDefense in Depth – Your Security Castle
Defense in Depth – Your Security Castle
Coastal Pet Products, Inc.
 
Raising information security awareness
Raising information security awarenessRaising information security awareness
Raising information security awareness
Terranovatraining
 
Cyber crime and cyber security
Cyber crime and cyber  securityCyber crime and cyber  security
Cyber crime and cyber security
Keshab Nath
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
arun alfie
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
Nahidul Kibria
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Integrating Physical And Logical Security
Integrating Physical And Logical SecurityIntegrating Physical And Logical Security
Integrating Physical And Logical Security
Jorge Sebastiao
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
Dinesh582831
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 

What's hot (20)

OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
The information security audit
The information security auditThe information security audit
The information security audit
 
Network security & cryptography
Network security & cryptographyNetwork security & cryptography
Network security & cryptography
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)
 
cyber security
cyber security cyber security
cyber security
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Defense in Depth – Your Security Castle
Defense in Depth – Your Security CastleDefense in Depth – Your Security Castle
Defense in Depth – Your Security Castle
 
Raising information security awareness
Raising information security awarenessRaising information security awareness
Raising information security awareness
 
Cyber crime and cyber security
Cyber crime and cyber  securityCyber crime and cyber  security
Cyber crime and cyber security
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Integrating Physical And Logical Security
Integrating Physical And Logical SecurityIntegrating Physical And Logical Security
Integrating Physical And Logical Security
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 

Similar to LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee

Developing a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVDeveloping a Protection Profile for Smart TV
Developing a Protection Profile for Smart TV
Seungjoo Kim
 
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEODEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
IRJET Journal
 
Abid - Final Presentation .pptx
Abid - Final Presentation .pptxAbid - Final Presentation .pptx
Abid - Final Presentation .pptx
SyedSaqlain32
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
Okehie Collins
 
Review on effectiveness of deep learning approach in digital forensics
Review on effectiveness of deep learning approach in digital  forensicsReview on effectiveness of deep learning approach in digital  forensics
Review on effectiveness of deep learning approach in digital forensics
IJECEIAES
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Great Wide Open
 
GNS CV
GNS CVGNS CV
On the Availability of Anti-Forensic Tools for Smartphones
On the Availability of Anti-Forensic Tools for SmartphonesOn the Availability of Anti-Forensic Tools for Smartphones
On the Availability of Anti-Forensic Tools for Smartphones
CSCJournals
 
Security in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical SystemsSecurity in Cloud-based Cyber-physical Systems
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDYIOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IJNSA Journal
 
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDYIOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IJNSA Journal
 
Kato Mivule - Towards Agent-based Data Privacy Engineering
Kato Mivule - Towards Agent-based Data Privacy EngineeringKato Mivule - Towards Agent-based Data Privacy Engineering
Kato Mivule - Towards Agent-based Data Privacy Engineering
Kato Mivule
 
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
MalikPinckney86
 
2011 lecture ia orientation
2011 lecture ia orientation2011 lecture ia orientation
2011 lecture ia orientation
2b3d
 
Forensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptxForensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptx
FatemaAkter78
 
EPLQ:Efficient privacy preserving spatial range query for smart phones
EPLQ:Efficient privacy preserving spatial range query for smart phonesEPLQ:Efficient privacy preserving spatial range query for smart phones
EPLQ:Efficient privacy preserving spatial range query for smart phones
IRJET Journal
 
Home care diagnostics system
Home care diagnostics systemHome care diagnostics system
Home care diagnostics system
manishthaper
 
A Survey on Smart Devices for Object and Fall Detection
A Survey on Smart Devices for Object and Fall DetectionA Survey on Smart Devices for Object and Fall Detection
A Survey on Smart Devices for Object and Fall Detection
IRJET Journal
 
Security and privacy issues with mobile cloud computing applications june 2016
Security and privacy issues with mobile cloud computing applications june 2016Security and privacy issues with mobile cloud computing applications june 2016
Security and privacy issues with mobile cloud computing applications june 2016
Merlec Mpyana
 
A Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files SystemA Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files System
CSCJournals
 

Similar to LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee (20)

Developing a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVDeveloping a Protection Profile for Smart TV
Developing a Protection Profile for Smart TV
 
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEODEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
DEEP LEARNING APPROACH FOR SUSPICIOUS ACTIVITY DETECTION FROM SURVEILLANCE VIDEO
 
Abid - Final Presentation .pptx
Abid - Final Presentation .pptxAbid - Final Presentation .pptx
Abid - Final Presentation .pptx
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
 
Review on effectiveness of deep learning approach in digital forensics
Review on effectiveness of deep learning approach in digital  forensicsReview on effectiveness of deep learning approach in digital  forensics
Review on effectiveness of deep learning approach in digital forensics
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
 
GNS CV
GNS CVGNS CV
GNS CV
 
On the Availability of Anti-Forensic Tools for Smartphones
On the Availability of Anti-Forensic Tools for SmartphonesOn the Availability of Anti-Forensic Tools for Smartphones
On the Availability of Anti-Forensic Tools for Smartphones
 
Security in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical SystemsSecurity in Cloud-based Cyber-physical Systems
Security in Cloud-based Cyber-physical Systems
 
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDYIOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
 
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDYIOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
IOT AND SECURITY-PRIVACY CONCERNS: A SYSTEMATIC MAPPING STUDY
 
Kato Mivule - Towards Agent-based Data Privacy Engineering
Kato Mivule - Towards Agent-based Data Privacy EngineeringKato Mivule - Towards Agent-based Data Privacy Engineering
Kato Mivule - Towards Agent-based Data Privacy Engineering
 
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 1, JANUARY 2020 1
 
2011 lecture ia orientation
2011 lecture ia orientation2011 lecture ia orientation
2011 lecture ia orientation
 
Forensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptxForensics_1st_Presentation.pptx
Forensics_1st_Presentation.pptx
 
EPLQ:Efficient privacy preserving spatial range query for smart phones
EPLQ:Efficient privacy preserving spatial range query for smart phonesEPLQ:Efficient privacy preserving spatial range query for smart phones
EPLQ:Efficient privacy preserving spatial range query for smart phones
 
Home care diagnostics system
Home care diagnostics systemHome care diagnostics system
Home care diagnostics system
 
A Survey on Smart Devices for Object and Fall Detection
A Survey on Smart Devices for Object and Fall DetectionA Survey on Smart Devices for Object and Fall Detection
A Survey on Smart Devices for Object and Fall Detection
 
Security and privacy issues with mobile cloud computing applications june 2016
Security and privacy issues with mobile cloud computing applications june 2016Security and privacy issues with mobile cloud computing applications june 2016
Security and privacy issues with mobile cloud computing applications june 2016
 
A Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files SystemA Comparison Study of Android Mobile Forensics for Retrieving Files System
A Comparison Study of Android Mobile Forensics for Retrieving Files System
 

More from CODE BLUE

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
CODE BLUE
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
CODE BLUE
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
CODE BLUE
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
CODE BLUE
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
CODE BLUE
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
CODE BLUE
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
CODE BLUE
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
CODE BLUE
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
CODE BLUE
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
CODE BLUE
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
CODE BLUE
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
CODE BLUE
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
CODE BLUE
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
CODE BLUE
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
CODE BLUE
 

More from CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa  Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl[cb22] Tales of 5G hacking by Karsten Nohl
[cb22] Tales of 5G hacking by Karsten Nohl
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22]  Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(4) by 板橋 博之
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(3) by Lorenzo Pupillo
 
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...[cb22]  ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman [cb22]  「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション(2)by Allan Friedman
 
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...
 
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by  高橋 郁夫
[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション (1)by 高橋 郁夫
 
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...
 
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka [cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka
 
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...
 
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...
 
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...[cb22]  From Parroting to Echoing:  The Evolution of China’s Bots-Driven Info...
[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...
 
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...[cb22]  Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...
 
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
[cb22] Mal-gopherとは?Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部 祐太, 甘粕 伸幸, 野村 和也
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...
 

Recently uploaded

一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理
一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理
一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理
fyguxu
 
一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
bttak
 
sidewall damage of microLED (underlying physics and paper review).pdf
sidewall damage of microLED (underlying physics and paper review).pdfsidewall damage of microLED (underlying physics and paper review).pdf
sidewall damage of microLED (underlying physics and paper review).pdf
Brian Kim, PhD
 
欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】
欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】
欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】
lopezkatherina914
 
欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】
欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】
欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】
akrooshsaleem36
 
欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】
欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】
欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】
ravisconneraa55387
 
一比一原版办理(Caltech毕业证)加州理工学院毕业证
一比一原版办理(Caltech毕业证)加州理工学院毕业证一比一原版办理(Caltech毕业证)加州理工学院毕业证
一比一原版办理(Caltech毕业证)加州理工学院毕业证
kboqz
 
世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】
世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】
世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】
bljeremy734
 
Premium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in Gurgaon
Premium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in GurgaonPremium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in Gurgaon
Premium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in Gurgaon
gurkirankumar98700
 
一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理
一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理
一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理
mbawufebxi
 
ℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkata
ℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkataℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkata
ℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkata
nhero3888
 
一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理
一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理
一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理
yswno
 
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa EscortsCall Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
anilsa9823
 
Company Profile of Tempcon - Chiller Manufacturer In India
Company Profile of Tempcon - Chiller Manufacturer In IndiaCompany Profile of Tempcon - Chiller Manufacturer In India
Company Profile of Tempcon - Chiller Manufacturer In India
soumotempcon
 
Ahmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In Ahmedabad
Ahmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In AhmedabadAhmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In Ahmedabad
Ahmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In Ahmedabad
babesbookhot
 
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa EscortsCall Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
anilsa9823
 
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
Call Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call GirlCall Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call Girl
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
sapna sharmap11
 
We’re Underestimating the Damage Extreme Weather Does to Rooftop Solar Panels
We’re Underestimating the Damage Extreme Weather Does to Rooftop Solar PanelsWe’re Underestimating the Damage Extreme Weather Does to Rooftop Solar Panels
We’re Underestimating the Damage Extreme Weather Does to Rooftop Solar Panels
Grid Freedom Inc.
 
一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理
一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理
一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理
bttak
 
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
bttak
 

Recently uploaded (20)

一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理
一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理
一比一原版(aiti毕业证书)澳洲悉尼翻译学院毕业证如何办理
 
一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
一比一原版不列颠哥伦比亚大学毕业证(UBC毕业证书)学历如何办理
 
sidewall damage of microLED (underlying physics and paper review).pdf
sidewall damage of microLED (underlying physics and paper review).pdfsidewall damage of microLED (underlying physics and paper review).pdf
sidewall damage of microLED (underlying physics and paper review).pdf
 
欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】
欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】
欧洲杯体彩-欧洲杯体彩比赛投注-欧洲杯体彩比赛投注官网|【​网址​🎉ac99.net🎉​】
 
欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】
欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】
欧洲杯投注-欧洲杯投注押注app-欧洲杯投注押注app官网|【​网址​🎉ac10.net🎉​】
 
欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】
欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】
欧洲杯外围-欧洲杯外围投注官网-欧洲杯外围投注官网app|【​网址​🎉ac44.net🎉​】
 
一比一原版办理(Caltech毕业证)加州理工学院毕业证
一比一原版办理(Caltech毕业证)加州理工学院毕业证一比一原版办理(Caltech毕业证)加州理工学院毕业证
一比一原版办理(Caltech毕业证)加州理工学院毕业证
 
世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】
世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】
世预赛投注-世预赛投注投注官网app-世预赛投注官网app下载|【​网址​🎉ac123.net🎉​】
 
Premium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in Gurgaon
Premium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in GurgaonPremium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in Gurgaon
Premium Call Girls Gurgaon {9999965857} VVIP BHAWNA Call Girls in Gurgaon
 
一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理
一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理
一比一原版(SBU毕业证书)肯特州立大学毕业证如何办理
 
ℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkata
ℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkataℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkata
ℂall Girls Kolkata 😍 Call 0000000 Vip Escorts Service Kolkata
 
一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理
一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理
一比一原版(ku学位证书)美国堪萨斯大学毕业证如何办理
 
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa EscortsCall Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
 
Company Profile of Tempcon - Chiller Manufacturer In India
Company Profile of Tempcon - Chiller Manufacturer In IndiaCompany Profile of Tempcon - Chiller Manufacturer In India
Company Profile of Tempcon - Chiller Manufacturer In India
 
Ahmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In Ahmedabad
Ahmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In AhmedabadAhmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In Ahmedabad
Ahmedabad ℂall Girl Book 🤑 7488326553 🤑 ℂall Girl Service In Ahmedabad
 
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa EscortsCall Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
Call Girls Goa ☎️ +91-7426014248 😍 Goa Call Girl Beauty Girls Goa Escorts
 
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
Call Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call GirlCall Girls Hyderabad  (india) ☎️ +91-7426014248 Hyderabad  Call Girl
Call Girls Hyderabad (india) ☎️ +91-7426014248 Hyderabad Call Girl
 
We’re Underestimating the Damage Extreme Weather Does to Rooftop Solar Panels
We’re Underestimating the Damage Extreme Weather Does to Rooftop Solar PanelsWe’re Underestimating the Damage Extreme Weather Does to Rooftop Solar Panels
We’re Underestimating the Damage Extreme Weather Does to Rooftop Solar Panels
 
一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理
一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理
一比一原版西三一大学毕业证(TWU毕业证书)学历如何办理
 
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
一比一原版圣托马斯大学毕业证(UST毕业证书)学历如何办理
 

LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee

  • 1. Sangmin Lee, Minsu Park, Seungjoo Kim SANE(Security Analysis aNd Evaluation) Lab Korea University(高麗大學校) LG vs. Samsung Smart TV: Which Is Better for Tracking You?
  • 2. Contents • Who are we? • The History of Digital Forensics on Smart TV • LG webOS 3.0 Smart TV Forensics • Data Acquisition • File System & Data Analysis • Collect LG Smart TV’s digital evidences • Compare LG with Samsung Smart TV’s Digital Evidences • Conclusion • Acknowledgement • Q&A • Reference 2 / 56
  • 3. Who are we? Sangmin Lee (李相旼) Sangmin Lee is a master student of SANE(Security Analysis aNd Evaluation) Lab on CIST(Center for Information Security Technologies) at Korea University. He is most interested in offensive security about system vulnerabilities and is interested in fields such as digital forensics, security assessment, and software testing. Also, he participated in projects such as "Security Testing for External Interfaces of Vehicular Wireless Systems", "Cyber ​​Fast Track related to IoT devices vulnerabilities analysis" and "WebOS smart TV international security CC(Common Criteria) certification acquisition." In 2015, he participated as a mentee at BoB(Best of the Best), an information security leader training program hosted by KITRI(Korea Information Technology Research Institute). He, in BoB, conducted a project to analyze vulnerabilities in embedded devices such as routers, IP cameras, Smart home, and SCADA. Also, he presented the project results at POC(Power Of Community) 2015 on the subject of "What if Fire Sale occurs in Korea?" 3 / 56 E-mail : leesangmin@korea.ac.kr Facebook : @leesangmin144
  • 4. Who are we? 4 / 56 Seungjoo Gabriel Kim* (金昇柱) E-mail: skim71@korea.ac.kr Homepage : www.kimlab.net Facebook, Twitter : @skim71 Prof. Seungjoo Gabriel Kim is a full professor of Undergraduate Department of Cyber Defense / Graduate School of Information Security in Korea University, a member of CIST(Center for Information Security Technologies) of Korea University, a vice-director of CW-TEC(Cyber Weapon Test and Evaluation Center) of Korea University, a head of SANE(Security Analysis aNd Evaluation) Lab, an advisor of 'CyKor'(Cyber security club at Korea university), a founder/advisory director of a hacker group, 'HARU' and an international security & hacking conference,' SECUINSIDE'. Prior to joining a tenure-track faculty member at Korea University in 2011, he was previously an Assistant & Associate Professor of School of Information and Communication Engineering in Sungkyunkwan University for 7 years ('04~'11). Before that, he worked as a Team Leader of Cryptographic Technology Team and (CC-based) IT Security Evaluation Team of KISA(Korea Internet & Security Agency) for 5 years ('98~'04). He received his B.S. ('94), M.S. ('96), and Ph.D. ('99) in Information Engineering from Sungkyunkwan University, Korea. E-mail : minsoon2@korea.ac.kr Facebook : @bucktae Minsu Park received his B.S degree in Computer Network from Silla University of Korea, in 2010 and also received his M.S degree in Information Security from Korea University of Korea, in 2013. He is currently working toward the Ph.D. degree in Information Security, Korea University, Korea. His research interests include Information Assurance, IoT Security, Digital Forensics and Usable Security. Minsu Park (朴珉洙) *Corresponding Author
  • 5. 5 / 56 Ref : Deloitte The History of Digital Forensics on Smart TV
  • 6. 6 / 56 ▲ it appears to be the first ever published warrant for a smart TV “That Time Cops Searched A Samsung Smart TV For Evidence Of Child Abuse” - US Forbes magazine in 2017. The History of Digital Forensics on Smart TV
  • 7. 7 / 56 [5] “A Review of Smart TV Forensics: Present state & Future Challenges,” Al Falayleh, Mousa. DIPECC 2013 2013.10. [3] “Study on Smart TV Forensics,” Kang, Heesoo, et al., KIISC* 2014.10. [4] "Forensic analysis of smart TV: A current issue and call to arms,” Sutherland, Iain, et al., Digital Investigation 2014.06. [2] "A forensic overview of the LG Smart TV,” Sutherland, Iain, et al. Australian Digital Forensics Conference 2014.12. [1] "Smart TV forensics: Digital traces on televisions,” Boztas, Abdul, et al. Digital Investigation 2015.03. Related works on Smart TV Forensics ”Further Analysis on Smart TV Forensics,” Park, Minsu, et al. the Journal of Internet Technology (Accepted for publication 2016.11.) *KIISC : Korea Institute of Information Security & Cryptology The History of Digital Forensics on Smart TV
  • 8. 8 / 56 2013.10. 2014.10. 2014.06. 2014.12. 2015.03. Related works on Smart TV Forensics Smart TV Forensics Concepts (Accepted for publication 2016.11.) [5] “A Review of Smart TV Forensics: Present state & Future Challenges,” Al Falayleh, Mousa. DIPECC 2013 [3] “Study on Smart TV Forensics,” Kang, Heesoo, et al., KIISC* [4] "Forensic analysis of smart TV: A current issue and call to arms,” Sutherland, Iain, et al., Digital Investigation [2] "A forensic overview of the LG Smart TV,” Sutherland, Iain, et al. Australian Digital Forensics Conference [1] "Smart TV forensics: Digital traces on televisions,” Boztas, Abdul, et al. Digital Investigation ”Further Analysis on Smart TV Forensics,” Park, Minsu, et al. the Journal of Internet Technology *KIISC : Korea Institute of Information Security & Cryptology The First Experimental Study on Smart TV Forensics The History of Digital Forensics on Smart TV
  • 9. 9 / 56 2013. 10. [5] M. AI. Falayleh 2014. 10. [3] H.S. Kang 2014. 06. [4] I. Sutherland 2015. 03. [1] A. Boztas 2014. 12. [2] I. Sutherland The History of Digital Forensics on Smart TV (accepted for publication 2016. 11.) M.S. Park [5] “A Review of Smart TV Forensics: Present state & Future Challenges,” Al Falayleh, Mousa., DIPECC 2013 (1) Digital evidences on the Smart TV (2) Challenges facing the Smart TV forensics [4] "Forensic analysis of smart TV: A current issue and call to arms,” Sutherland, Iain, et al., Digital Investigation (1) Data acquisition method on the Smart TV - Currently, Smart TV is continuously developed - Can’t use existing forensics tools on the Smart TV Smart TV uses the soldered storage device 1. Relevant digital clues 2. Universality of methods and techniques 3. The availability of assistance from the industry 4. The need for specialist knowledge or equipment
  • 10. 10 / 56 Samsung UN46ES8000(2012) Target Analysis Process -> Collecting 9 User’s Action Data on Features of TV & Applications Testing Post- Imaging Images Diffing Pre- Imaging Get Root privilege Collect User’s action data Using SW Vulnerability on Smart TV The History of Digital Forensics on Smart TV 2013. 10. [5] M. AI. Falayleh 2014. 10. [3] H.S. Kang 2014. 06. [4] I. Sutherland 2015. 03. [1] A. Boztas 2014. 12. [2] I. Sutherland (accepted for publication 2016. 11.) M.S. Park
  • 11. 11 / 56 LG 42LS570T-ZB(2012) Target Analysis Process LG 55LA740V(2013) Collect User’s action data Only TV’s Setting Menu & Applications Menu & -> Collecting 10 User’s Action Data on TV & Applications Menu (e.g. Recent History : My Apps -> Home -> Recent) The History of Digital Forensics on Smart TV 2013. 10. [5] M. AI. Falayleh 2014. 10. [3] H.S. Kang 2014. 06. [4] I. Sutherland 2015. 03. [1] A. Boztas 2014. 12. [2] I. Sutherland (accepted for publication 2016. 11.) M.S. Park
  • 12. 12 / 56 Samsung UE40F7000SLXXN(2013) Target Analysis Process -> Collecting about 8 User’s Action Data on Features of TV & Applications Get Root privilege Collect User’s action data Using SW Vulnerability on Smart TV eMMC access NFI toolkit Failure Maybe using diffing between pre with post image. The History of Digital Forensics on Smart TV 2013. 10. [5] M. AI. Falayleh 2014. 10. [3] H.S. Kang 2014. 06. [4] I. Sutherland 2015. 03. [1] A. Boztas 2014. 12. [2] I. Sutherland (accepted for publication 2016. 11.) M.S. Park
  • 13. 13 / 56 The History of Digital Forensics on Smart TV 2013. 10. [5] M. AI. Falayleh 2014. 10. [3] H.S. Kang 2014. 06. [4] I. Sutherland 2015. 03. [1] A. Boztas 2014. 12. [2] I. Sutherland (accepted for publication 2016. 11.) M.S. Park Samsung UN46ES8000(2012) Target Compare with the previous studies vs. vs. 2014. 12. [2] I. Sutherland 2015. 03. [1] A. Boztas
  • 14. 14 / 56 TV Forensics Concepts LG Smart TV Samsung Smart TV M Al Falayleh [5] I.Sutherland [4] I.Sutherland [2] H.S.Kang [3] A.Boztas [1] M.S.Park Issue Year 2013 2014 2014 2014 2015 2016 Published DIPECC 2013 Digital Investigation Australian digital forensics confer KIISC* Digital Investigation The journal of Internet Technology Target - - 42LS570T-ZB, 55LA740V UN46ES8000 UE40F7000SLXXN UN46ES8000 TV’s Release Year - - 2012, 2013 2012 2013 2012 OS - - webOS 2.0 Proprietary OS Proprietary OS Proprietary OS Data Acquisition Method - - Failed to acquire data Software Vulnerability (1-day vuln) Software Vulnerability (1-day vuln) Software Vulnerability (1-day vuln) Analysis Procedure - - Using only TV’s functions(config menu, app info) (1) Disk Imaging (2) Diffing (It’s guessed in the same way as us) (1) Disk Imaging (2) Diffing *KIISC : Korea Institute of Information Security & Cryptology The History of Digital Forensics on Smart TV
  • 15. 15 / 56 The History of Digital Forensics on Smart TV Smart TV Hacking Hack In Paris 2017 “Are you watching TV now? Is It real?: Hacking of smart TV with 0-day" LG Smart TV
  • 16. 16 / 56 The History of Digital Forensics on Smart TV Smart TV Hacking Black Hat USA 2013 ▼“Hacking, Surveilling, and deceiving victims on Smart TV” ▼“The Outer Limits: Hacking A Smart TV” Online community on the Samsung TV Firmware ▶ Samsung Smart TV
  • 17. 17 / 56 Common Criteria on the Smart TV The History of Digital Forensics on Smart TV Study a PP(Protection Profile) for Smart TV (2014) LG Smart TV LG Smart TV How to obtain CC Certification of Smart TV (2017)
  • 18. 18 / 56 Common Criteria on the Smart TV Samsung Smart TV Security Solution (received CC EAL1 certification) LG Smart TV Application Security Solution (received CC EAL2 certification) The History of Digital Forensics on Smart TV LG Smart TV Samsung Smart TV
  • 19. LG webOS 3.0 Smart TV Forensics - Data Acquisition - File System & Data Analysis - Collect LG Smart TV’s digital evidences
  • 20. Target - LG webOS 3.0 Smart TV 20 / 56 - Model : 43UH6810 - OS : webOS 3.0 - Firmware : 4.30.85 (17.04.19) (Latest version is updated on 17.10.28)
  • 21. Target - LG webOS 3.0 Smart TV 21 / 56 • webOS is a mobile operating system acquired by HP for use in various products manufactured by LG. • LG announces products that use webOS at CES every year. • Currently, Smart TV, SmartWatch(Urbane), and Refrigerator produced in LG have used the webOS. What is webOS?
  • 22. LG webOS 3.0 Smart TV Forensics - Data Acquisition - File System & Data Analysis - Collect LG Smart TV’s digital evidences
  • 23. Data Acquisition 23 / 56 laborious work (In general, Smart TV’s cost over $1000.) Invasive Physical Data Acquisition => Data Acquisition through application vulnerabilities - But, Smart TV uses soldered storage devices & Disable JTAG, UART port
  • 24. Data Acquisition 24 / 56 Known Vulnerabilities (1-day) Using application vulnerability to acquire data Obtain accessible privilege to filesystem Unknown Vulnerabilities (0-day)
  • 25. Data Acquisition 25 / 56 • webOS emulator for developers 1) Connect to TV’s SSH services 2) Remote app installation on TV 3) Remote app execution 4) … Attack Vector Hack In Paris 2017 – LG webOS Smart TV’s 0-day “Are you watching TV now? Is It real?: Hacking of smart TV with 0-day"
  • 26. Data Acquisition 26 / 56 Connection to TV through SSH
  • 27. Data Acquisition 27 / 56 Obtain root privilege with Command Injection
  • 28. Data Acquisition 28 / 56 How can achieve the integrity of original data when data is acquired via rooting? e.g. Smartphone’s Digital Forensics Partition boot recovery cache system userdata sdcard Partitions affected by the vulnerabilityPartitions that achieve integrity Available as digital evidences
  • 29. Data Acquisition 29 / 56 How can achieve the integrity of original data when data is acquired via rooting? e.g. Smartphone’s Digital Forensics boot recovery cache system userdata sdcard Partitions affected by the vulnerabilityPartitions that achieve integrity Available as digital evidences Partition
  • 30. Partition Data Acquisition 30 / 56 How can achieve the integrity of original data when data is acquired via rooting? e.g. Smartphone’s Digital Forensics boot recovery cache system userdata sdcard Partitions affected by the vulnerabilityPartitions that achieve integrity Available as digital evidences
  • 31. Data Acquisition 31 / 56 as in the case of the United States, there will be a social debate on using a vulnerability to acquire original data against smart TV as the need for smart TV forensics increases. In case of Smart TV, ① The use of partitions is ambiguous. Therefore, the vulnerability affects most partitions. (It is corresponding to not only our study but also existing studies) ② Integrity can be considered on a folder-by-folder basis, not a partition. So, I think… How can achieve the integrity of original data when data is acquired via rooting?
  • 32. LG webOS 3.0 Smart TV Forensics - Data Acquisition - File System & Data Analysis - Collect LG Smart TV’s digital evidences
  • 33. Data Analysis – File System 33 / 56 Partition Path File system /dev/mmcblk0p15 ~ /dev/mmcblk0p35 - - /dev/mmcblk0p50 /mnt/lg/db8 ext4 /var/db ext4 /dev/mmcblk0p51 /home ext4 /mnt/lg/cmn_data ext4 /mnt/lg/flash/data ext4 /mnt/lg/user ext4 /var ext4 /mnt/lg/cache/flash ext4 /mnt/lg/cache/sdp ext4 /mnt/lg/cache/browser ext4 /mnt/lg/cache/webbrowser ext4 /var/palm/jail/com.webos.app.browser/var/luna/preferences ext4 (read only) /var/palm/jail/com.webos.app.browser/mnt/lg/cache/webbrowser ext4 /var/palm/jail/com.webos.app.browser/mnt/lg/cmn_data/admanager/cache ext4 (read only) /dev/mmcblk0p52 /mnt/lg/appstore ext4 /media ext4 /var/palm/jail/com.webos.app.browser/media/internal ext4
  • 34. Data Analysis 34 / 56 Data Acquisition & File System Analysis Pre- Imaging Functions Testing Post-Imaging Comparing pre-Image with post-image Collect User’s Action ① ② ③ ④ ⑤ Other function tests OR The function re-tests Process of Data Analysis LG Smart TV (43UH6810) Analysis Computer (1) Connect to ssh of TV with root perm (2) Upload Image.py scripts through tftp & execute (3) Disk image on …/usb/sda/sda1/[images].[time].dd (4) Sending Image file & $ rm ../usb/sda/sda1/* Smart TV’s Disk Imaging Environment
  • 35. Data Analysis 35 / 56 ② Pre-Imaging ④ Post-Imaging③ Functions Testing Example) Steps ② ~ ④ - Disk Imaging & Testing
  • 36. Data Analysis 36 / 56 Example) Step ⑤ - Compare Pre-Image with Post-Image (diffing) (1) $ diff –rNd ~/pre_image ~/post_image (2) Using Beyond Compare, Windump to binary diffing
  • 37. Data Analysis 37 / 56 Example) Step ⑤ - Compare Pre-Image with Post-Image (diffing) (1) $ diff –rNd ~/pre_image ~/post_image (2) Using Beyond Compare, WinHex to binary diffing Plain Text File Binary File
  • 38. Data Analysis 38 / 56 Example) Step ⑤ - Compare Pre-Image with Post-Image (diffing) (1) $ diff –rNd ~/pre_image ~/post_image (2) Using Beyond Compare, WinHex to binary diffing pre-image post-image
  • 39. LG webOS 3.0 Smart TV Forensics - Data Acquisition - File System & Data Analysis - Collect LG Smart TV’s digital evidences
  • 40. Collect LG Smart TV’s digital evidences 40 / 56 12 User’s Actions (First check : 18 July 2017, Last check : 14 Oct 2017) # User’s Action Path 1 Last TV On time /mmcblk0p50/vardb/main/LOG 2 TV Channel List /mmcblk0p51/epg/db/PBS_OFF_DB_0_4.db /mmcblk0p51/epg/tuner_favorite_move_index.txt 3 External Storage Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 4 TV ON/OFF Reservation /mmcblk0p51/var/luna/preferences/time 5 Hardware Connection Information /mmcblk0p51/var/lib/webappmanager3/LocalStorage/file_com.webos.ap p.inputmgr_0.localstorage 6 Installed App Information /mmcblk0p52/cryptofs/apps/usr/lib/opkg/status 7 Internet History /mmcblk0p51/webbrowser/chrome/Default/Bookmarks, Prefer*, History 8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 9 App Install History /mmcblk0p51/var/luna/data/downloadhistory.db 10 Checking Captured Image /mmcblk0p52/captureTV 11 Last time app opened /mmcblk0p51/var/lib/webappmanager3/LocalStorage/https_kr.lgrecomm ends.lgappstv.com_0.localstorage 12 Connected Wifi Infomation /mmcblk0p51/var/lib/connman/*
  • 41. Collect LG Smart TV’s digital evidences 41 / 56 12 User’s Actions (First check : 18 July 2017, Last check : 14 Oct 2017) # User’s Action Path 1 Last TV On time /mmcblk0p50/vardb/main/LOG 2 TV Channel List /mmcblk0p51/epg/db/PBS_OFF_DB_0_4.db /mmcblk0p51/epg/tuner_favorite_move_index.txt 3 External Storage Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 4 TV ON/OFF Reservation /mmcblk0p51/var/luna/preferences/time 5 Hardware Connection Information /mmcblk0p51/var/lib/webappmanager3/LocalStorage/file_com.webos.ap p.inputmgr_0.localstorage 6 Installed App Information /mmcblk0p52/cryptofs/apps/usr/lib/opkg/status 7 Internet History /mmcblk0p51/webbrowser/chrome/Default/Bookmarks, Prefer*, History 8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 9 App Install History /mmcblk0p51/var/luna/data/downloadhistory.db 10 Checking Captured Image /mmcblk0p52/captureTV 11 Last time app opened /mmcblk0p51/var/lib/webappmanager3/LocalStorage/https_kr.lgrecomm ends.lgappstv.com_0.localstorage 12 Connected Wifi Infomation /mmcblk0p51/var/lib/connman/*
  • 42. Collect LG Smart TV’s digital evidences 42 / 56 # User’s Action Path 1 Last TV On time /mmcblk0p50/vardb/main/LOG
  • 43. Collect LG Smart TV’s digital evidences 43 / 56 # User’s Action Path 3 External Storage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
  • 44. Collect LG Smart TV’s digital evidences 44 / 56 # User’s Action Path 3 External Storage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log File Name that exists on the external storage USB Serial Number Unknown Strings USB Serial Number Serial Number Check Serial Number on my Mac
  • 45. Collect LG Smart TV’s digital evidences 45 / 56 # User’s Action Path 3 External Storage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log 8 Recently Service Usage History /mmcblk0p52/cryptofs/data/db8/mediadb/media/*.log
  • 46. Compare LG with Samsung Smart TV’s Digital Evidences
  • 47. Compare LG with Samsung Smart TV’s Digital Evidences 47 / 56 LG Smart TV Samsung Smart TV Our research I.Sutherland [2] H.S.Kang [3] A.Boztas [1] Issue Year - 2014 2014 2015 Published - Australian digital forensics confer KIISC* Digital Investigation Target 43UH6810 42LS570T-ZB, 55LA740V UN46ES8000 UE40F7000SLXXN TV’s Release Year 2016 2012, 2013 2012 2013 OS webOS 3.0 webOS 2.0 Proprietary OS Proprietary OS Data Acquisition Method Software Vulnerability (1-day vuln) Failed to acquire data Software Vulnerability (1-day vuln) Software Vulnerability (1-day vuln) Data Analysis Main Procedure (1) Disk Imaging (2) Diffing Using only TV’s functions(config menu, app info) (1) Disk Imaging (2) Diffing (It’s guessed in the same way as us) *KIISC : Korea Institute of Information Security & Cryptology
  • 48. Compare LG with Samsung Smart TV’s Digital Evidences 48 / 56 LG Smart TV Samsung Smart TV Our research H.S.Kang [3] A.Boztas [1] Issue Year - 2014 2015 Published - KIISC* Digital Investigation Target 43UH6810 UN46ES8000 UE40F7000SLXXN TV’s Release Year 2016 2012 2013 OS webOS 3.0 Proprietary OS Proprietary OS Data Acquisition Method Software Vulnerability (1-day vuln) Software Vulnerability (1-day vuln) Software Vulnerability (1-day vuln) Data Analysis Main Procedure (1) Disk Imaging (2) Diffing (1) Disk Imaging (2) Diffing (It’s guessed in the same way as us) *KIISC : Korea Institute of Information Security & Cryptology
  • 49. Compare LG with Samsung Smart TV’s Digital Evidences 49 / 56 User’s Actions about features of TV User’s Action LG Smart TV Samsung Smart TV Our research H.S.Kang [3] A.Boztas [1] Last TV On Time O O X TV Channel List O O O External Storage Usage History O O O O : Discover the user’s action on the TV X : Not discover user’s action or not exist on the TV
  • 50. Compare LG with Samsung Smart TV’s Digital Evidences 50 / 56 User’s Actions about applications User’s Action LG Smart TV Samsung Smart TV Our research H.S.Kang [3] A.Boztas [1] Installed App Information O O O Internet History O O O Recently Service Usage History O O O Checking captured images O X (There’s no capture func) X (There’s no capture func) O : Discover the user’s action on the TV X : Not discover user’s action or not exist on the TV
  • 51. Compare LG with Samsung Smart TV’s Digital Evidences 51 / 56 User’s Actions about system configuration User’s Action LG Smart TV Samsung Smart TV Our research H.S.Kang [3] A.Boztas [1] Connected Wifi Information O O X O : Discover the user’s action on the TV X : Not discover user’s action or not exist on the TV
  • 52. Compare LG with Samsung Smart TV’s Digital Evidences 52 / 56 User’s Actions that exists for each Smart TV only User’s Action LG Smart TV Samsung Smart TV Our research H.S.Kang [3] A.Boztas [1] TV ON/OFF Reservation O X X Hardware Connection Information O X X Last time app opened O X X App Install History O X X Latest Watched TV Channel X O X Camera Usage X (There’s no camera) O X Log policy configuration file X O X Request information In the cloud app X (There’s no cloud app) X (Maybe there’s no cloud app) O O : Discover the user’s action on the TV X : Not discover user’s action or not exist on the TV
  • 54. Conclusion 54 / 56 • Data Acquisition by obtaining root privilege • Analyze data pre-imaging, testing, and post-Imaging comparisons • Features of TV : 5 user’s actions • Pre-installed applications : 6 user’s actions • System configuration : 1 user’s action • Comparison of LG and Samsung Smart TV • Because physical methods are laborious, data acquisition in a logical way • The large classification of user’s actions is similar • User’s Actions have different depths • Physical characteristics of Smart TV, such as camera presence • Similar functionalities of are implemented differently
  • 55. Acknowledgement 55 / 56 This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIP) (R7117-16-0161,Anomaly detection framework for autonomous vehicles)
  • 56. Q&A
  • 58. Reference [1] Boztas, Abdul., A. R. J. Riethoven., and Mark Roeloffs. "Smart TV forensics: Digital traces on televisions." Digital Investigation 12 (2015): S72-S80. [2] Sutherland, Iain, et al. "A forensic overview of the LG Smart TV." (2014). [3] Kang, Heesoo., Minsu Park., and Seungjoo Kim. "Study on Smart TV Forensics." Journal of the Korea Institute of Information Security and Cryptology 24.5 (2014): 851-860. [4] Sutherland, Iain., Huw Read., and Konstantinos Xynos. "Forensic analysis of smart TV: A current issue and call to arms." Digital Investigation 11.3 (2014): 175-178. [5] Al Falayleh, Mousa. "A review of smart tv forensics: Present state & future challenges." The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC). Society of Digital Information and Wireless Communication, 2013. [6] “That Time Cops searched A Samsung Smart TV For Evidence Of Child Abuse”, https://goo.gl/YrQhXV [7] “LG Electronics Acquires webOS from HP to Enhance Smart TV”, https://goo.gl/BKG6G6 [8] Lee, Jonghoo., Mingeun Kim. “Are you watching TV now? Is it real?”, Hack in Paris 2017, https://goo.gl/Do51Zj [9] Lee, Seungjin., and Seungjoo Kim. "Hacking, surveilling and deceiving victims on smart tv." Blackhat USA (2013). [10] Grattafiori, Aaron., and Josh Yavor. “The Outer Limits: Hacking A Smart TV.” Blackhat USA (2013). [11] SamyGo forum, “https://www.samygo.tv/” [12] Park, Minsu, et al. “Developing a Protection Profile for Smart TV”, ICCC 2014, https://goo.gl/P7yNTv [13] Application Security Solution V1.0 for LG webOS TV[Certification Report], https://goo.gl/jpH2HE [14] Samsung Smart TV Security Solution V1.0[Certification Report], https://goo.gl/dNgvZA [15] LG webOS TV Developer, http://webostv.developer.lge.com/

Editor's Notes

  1. Good morning. My name is Sangmin. It’s my honor to present our research in CODEBLUE 2017 Our presentation title is LG vs. Samsung Smart TV: Which Is Better for Tracking You? This is related to Smart TV forensics.
  2. Before started, I will introduce history of smart TV forensics research. We mainly conduct a study on LG webOS 3.0(version three) Smart TV forensics. So we will explain analysis process(what we did, what we learned, what we found) in detail. In final, we will compare our research results based on LG Smart TV to earlier studies focused on Samsung Smart TV forensics. At this part, We will explain difference User’s Action in LG and Samsung Smart TV
  3. Let me start by saying just a few words about us and my professor. First of all, as presenter of the day, I studied information security with mentor of Best of the Best in 2015. Because interested in Offensive Security, I mostly conducted vulnerability analysis on embedded devices. As a result, I made a presentation on POC 2015 one of the famous hacking conference in korea titled “what if Fire Sale occurs in Korea ?” Now on, I’m master student in Korea university. During master course, I participated in many projects related to Security Testing, Common Creteria, and IoT Devices Vulnerability Analysis .
  4. Next, let me introduce our second author, Minsu Park Park is a Ph.D. student at Korea University. His main research area are Digital Forensics, Information Assurance, and especially he participated in many projects related to Smart TV forensics and Security Evaluation. Below is our professor Seungjoo Kim and our corresponding Author of this presentation. He is interested in Cryptography, Information assurance, Security Evaluation & Certification. Now that we have finished introducing the author, we will start to announce the history of Smart TV.
  5. In the graph on the right, the share of smart TV in the home IoT market is second only to the game console like PlayStation. Smart TV collects a variety of information from users to provide better personalized services and features in their daily lives. It is also closely related to daily life among smart devices. Therefore, Smart TV has a lot of data that can track past behavior for users in the home. Through smart TV forensics we can get additional information that traditional computer forensics can not get.
  6. In fact, in the US in 2016, there is a case where digital evidence obtained through smart TV forensics is used to prosecute sex offenders. This is the first use of smart TV for digital forensics. In order to emphasize the necessity of research on smart TV forensics, this case is most representative. Prior to the aforementioned case, research on smart TV forensics has been going on steadily since 2013.
  7. This picture shows you brief history of Smart TV forensics. The first research was carried out in 2013, when smart TV became popular. Since then, a total of six studies have been conducted. In the graph, SANE mark indicates what I did in my lab. I will talk more about the graph in detail.
  8. Up to now, three studies have been conducted for Samsung Smart TV and one for LG Smart TV. I will tell you more in detail from the bottom of the graph. A study conducted in October 2013 and June 2014 discusses the concept of smart TV forensics. At this time, smart TV is starting to spread. We have mainly proposed the necessity of smart TV forensics and methods of data acquisition. Then in 2014, Our lab member Kang performed his first practical research on smart TV forensics. The forensic target is Samsung Smart TV. Next, research was conducted on LG Smart TV and Samsung Smart TV. Through this graph, we can see that research focused only on smart TV of a specific manufacturer. Let me tell you about each research from now on.
  9. This graph shows the previous slide horizontally. The first research on smart TV forensics was carried out by author Mousa. They present digital evidence that could exist on smart TVs. They also mentioned there are challenges that the tools used for traditional PC forensics can not be used because smart TVs are still under development. In next , Sutherland says that the storage devices used by smart TVs are soldered and can not extract data in the conventional way. So we proposed 4 methods of acquiring data on Smart TV.
  10. Next is the study conducted in October 2014. This is the first practical study on smart TV forensics. Kang used a vulnerability in the smart TV's browser to acquire data. This vulnerability was introduced by Seungjin Lee at Black Hat USA 2013. We then proposed a total of 9 User's Action Data through the binary dipping method. Later on, our research on LG Smart TV analysis used the same analysis method. The binary dipping method will be described in detail later in our analysis.
  11. Next, Sutherland conducted another forensic study on LG Smart TV. Until that point, his Smart TV forensics study is the only one that analyze other manufacturers However, there are some limits that the study proceeded with failure to acquire data. Therefore they proposed a User's Action that can be obtained from basic TV settings and application settings. (User's Action mean, It can be used as digital evidence)
  12. Next, Boztas conducted a forensic study on Samsung Smart TV. Boztas used three methods to acquire data on smart TVs. Each method is eMMC access, NFI toolkit, and Using Software Vulnerability. However, data acquisition using the eMMC access, and NFI toolkit failed So, they acquired administrator privilege with vulnerability acquired from samyGO. The data was obtained through this. The data analysis process is not described in their paper, but I think they used binary dipping similar to Mr.Kang's research. They proposed a total of 8 User's Action Data.
  13. Lastly, Mr.Park conducted research on Samsung Smart TV. This paper was accepted in November 2016, but has not yet been published. Mr.Park, who is also the second author of our presentations, conducted a study on Samsung smart TV forensics. He compared the results with those of the existing Sutherland and Boztas.
  14. The following table summarizes all of the words so far. Most notable points are followings. Only one study on LG Smart TV forensics was conducted. And the rest are Samsung smart TV forensics. Also, Study cases of LG Smart TV did not acquire data. Therefore, we have conducted forensic research on LG Smart TV and will release it in detail. Go back to the table and look at the colored part of the table. Samsung smart TV used a software vulnerability to acquire data. Embedded devices such as smart phones are soldered to storage devices. So, during the forensic process, you can lose all of your data through de-soldering. Smart TVs also have the same problem as embedded devices. Therefore, you can see that capturing the data through the software vulnerabilities is possible. As we will tell you later, we also used software vulnerabilities for LG Smart TV forensics.
  15. There was also research on software vulnerabilities in smart TVs. LG Smart TV hacking was announced by our lab member named Jongho Lee at Hack In Paris 2017. Mr.Lee introduced a vulnerability that could lead to acquiring administrator privileges by performing vulnerability analysis on LG webOS 3.0 Smart TV. We were able to identify the attack vector through the presentation to obtain data from LG Smart TV.
  16. Next is Samsung Smart TV hacking. Samsung smart TV has the highest share in the global market. Therefore, there are a lot of research on hacking. Black Hat USA 2013 announced two research cases about smart TV hacking. Especially the vulnerability of the browser from the announcement of Seungjin Lee was used for data acquisition in the study of Kang's Samsung Smart TV forensics. And there is SamyGO, an online community related to Samsung smart TV firmware. In this community, TV user’s can share firmware acquisition and analysis contents of Samsung smart TV. Likewise, Boztas, who studied the existing Samsung Smart TV forensics, also used a vulnerability acquired from SamyGO.
  17. So far, I have introduced a study on smart TV forensics and smart TV hacking. There are also studies to implement safe smart TV. In our lab, we have conducted projects referring the Common Criteria, an international security assessment standard. In 2014, Minsu Park, our lab member, announced a study on the development of the Protection Profile, which specifies the minimum security functions Smart TV should have in ICCC. In 2017, Sooyoung participated in the study on CC certification of LG Smart TV. Sooyoung was the first to obtain a CC EAL 2 certificate for LG smart TV and published it as a thesis.
  18. This(left side) is the CC EAL 2 certificate of LG Smart TV acquired through the research project in the lab. Currently, LG Smart TV has acquired the CC EAL 2 certificate and Samsung Smart TV has the CC EAL 1 certificate. So far, I have put all researches on forensics, hacking, and security evaluation of smart TV together. In conclusion, we can see that the research on smart TV is carried out in various ways. We also found that in the case of smart TV digital forensics, there is a limit to the fact that research is focused on specific manufacturers. Besides one study on LG Smart TV forensics shows that the data was not acquired. Therefore, we conducted research on LG Smart TV forensics.
  19. Now, let me talk about what we have done for LG Smart TV. We'll talk about data acquisition process in detail. And We will talk about the data analysis and collection process.
  20. The analysis target is LG webOS 3.0 smart TV. The firmware version is 4.30.85 and It was the latest version at that time But Currently, It was updated again on October 28th in 2017.
  21. LG Smart TV uses webOS. webOS is a Linux kernel based mobile operating system that is used by various LG products. Various embedded products using webOS is introduced at CES every year. This year, LG is introduced a refrigerator using webOS.
  22. I’ll briefly finish the introduction part, And from now on, let me talk about the process of data acquisition.
  23. First, there is Invasive Physical Data Acquisition. However, smart TVs have soldered storage devices. Furthermore Debugging ports such as JTAG and UART are also disabled. Desoldering soldered storage is laborious work. If desoldering works go to fail, you should have risk for taking the risk of failure in Smart TV. Currently our TV is about $ 1000, so it is a very expensive price for me. Of course, Mr.Boztas, a researcher on Samsung Smart TV Forensics, mention it has the disadvantage of using Application Vulnerability that can easily be blocked by firmware updates. In contrast, the physical method is difficult, but once you have succeeded, you have the advantage of continuing to use it. But in order to collect the LG Smart TV's digital evidences, we need to see the data multiple times. Therefore, we have acquired data through application vulnerabilities for data acquisition.
  24. There are two ways to obtain data using application vulnerabilities. One is a way to exploit the 0-day vulnerability, the Unknown vulnerability. There is a way to find the 0-day vulnerability directly. Or, if you can purchase the vulnerability, you can purchase it. The other one is a way to exploit 1-day vulnerability, the Known vulnerability. 1-day vulnerability can use exploit codes published in CVE or Exploit Database. You can also identify Attack Vectors through material published at hacking conferences such as Black Hat and Hack In Paris. Through many conference papers and vulnerability database, we can personally analyzed 1-day vulnerabilities.
  25. We decided to analyze the vulnerability directly to acquire data from LG Smart TV. We saw the announcement of Hack In Paris and identified the Attack Vector. The Attack Vector is a webOS Emulator that is distributed to developers. The emulator has many features such as enabling SSH service on your TV, installing and running apps remotely on your TV. So we analyzed the emulator intensively and found a Command Injection vulnerability that could gain administrator privileges.
  26. I prepared the video, but I explained the vulnerability in detail, so I will explain by the picture. If you access SSH through emulator, connect as prisoner account. However, the account can not access all file systems. At the bottom of the picture, you can see that the result of the mount command is zero. As a result, we have found a vulnerability in Command Injection that can elevate privilege through analysis of the vulnerability of the emulator.
  27. So I got root privilege as a Command Injection vulnerability. And I was able to access all the file systems. You can see that 115 results are printed by executing the mount command. Of course, this vulnerability has already been patched via a firmware update.
  28. There is a point to be noted before going forward. How can achieve the integrity of original data when data is acquired via rooting? Take the digital forensics of smartphones as example. Smartphones are clearly divided according to the use of partitions.
  29. Therefore, there is a partition affected by the vulnerability. The partition can not preserve integrity. Therefore, the data on that partition is not recognized as digital evidence.
  30. In Contrast, partitions that are not affected by the vulnerability are not compromised. Therefore, the data on that partition can be used as digital evidence.
  31. In the case of smart TVs at present, the partitions are not clearly divided. So many partitions are affected by the vulnerability. If the integrity of the data is taken into consideration, integrity can be preserved on a folder-by-folder basis. In my opinion as in the case of the United States, there will be a social debate on using a vulnerability to acquire original data against smart TV as the need for smart TV forensics increases.
  32. We acquired administrator privileges and acquired data through software vulnerabilities that existed in the webOS Emulator. Next, I will explain the process of analyzing the data acquired.
  33. We already acquired root privileges, and now it’s time to analyze the data to collect the user's action data. The first thing we did was check the file system through the mount instruction. A lot of mount information was displayed through mount instruction, and I checked the mount information of the flash memory starting with mmcblk. Mmcblk is a block of MMC (Multi Media Card) which is the memory card standard of flash memory. In the table, there are partition blocks from mmcblk0p15 to 52. As you will see on the next slide, however, mmcblk mount disks do not change as you use your TV except 50, 51, and 52. Therefore, we focused on mmcblk50, 51, 52 where data is created, deleted, and modified according to TV usage.
  34. Next, let's talk about the data analysis process. The process totally takes 6 steps. First step is data acquisition and file system analysis. We used Application Vulnerability to gain administrative privileges and obtain data. We also identified the mmcblk partition through file system analysis. Second step is the Pre-Imaging. Through the dd command to image all mmcblk partitions. Third step is just use the functions of the TV, such as application launch, HDMI connection or some other things. Fourth is post-imaging step. through the dd command, Imaging all the mmcblk partitions one more time. In Fifth step, we compares the data between Pre-Imaging and Post-Imaging. We did binary imaging using the Diff command on linux, Winhex and Beyond Compare on Windows tool. This allows us to identify User's Actions that can be used as digital evidence. Finally, repeat steps 2 to 5 to identify User's Action data that can be used as Digital Evidence for various functions on the TV. The environment I implemented to perform steps 2 to 4 of the process is shown below. It takes about 10 minutes to image all mmcblock once. Therefore, the most important thing to consider when imaging a disk was to minimize storage space and minor mistake. My target is using a small amount of flash memory. So, This can cause problems during the imaging process Since the TV supports USB, I saved the image file to USB. We also used tftp to transfer the image directly from Smart TV to computer conducted analysis and immediately delete images to minimize any human error due to the increased image file. Smart TV provided Python, so I wrote a script and got it to work at once. Of course, the reason I used Python scripts was to minimize mistakes. The data analysis process described in the previous five steps will be explained again with an example.
  35. Steps 2 to 4 of the analysis procedure is like this slide : In step 2, Pre-Imaging is conducted In step 3, just use the TV features such as TV ON / OFF and HDMI connection. In step 4, Post-Imaging is conducted.
  36. In Step 5, Through Comparison between the Pre-Image file and the Post-Image file, we find the user's action. Mount each imaged image file in a different folder. Then run pre & post image diffing through Linux diff command. If you execute the whole Pre & post image file through the diff command, you can get the same result as the picture above. From the results, you can identify the data from Create, Delete, and Modify in pre and post images.
  37. After executing diff command with –rNd option, you can see which files are created or deleted.  If the different file is plain text files, you can see the contents through the diff command. Also if the different file’s type is binary, you can identify the binary files are different. After this, binary files marked differently were analyzed manually by Socoter's Beyond Compare and X-Ways' winHex files one by one.
  38. So in the case of a binary file marked different from the results obtained by the diff command, binary dipping was conducted in Windows. It all took a long time to go through the manual.
  39. Through the analysis process, various user's action data that can be used as Digital Evidence are identified. Let me talk about this.
  40. We have identified 12 User's action data that can be used with Digital Evidence through our analysis process. For each User's Action, we will explain it in comparison with the results of previous Samsung Smart TV forensics research.
  41. However, three marked User's Actions have a special character that data is volatile. So only the three will be described in detail.
  42. First, let me talk about Last TV On Time. When you turn on Smart TV, the TV turns on first, and webOS boots in the background. A LOG file including Last TV On Time information is created each time when webOS is booted. Then, let’s take a look at the picture below. The contents of the LOG could not check correctly. I carefully guess it is related to booting. But, the information marked by the red rectangle always points to boot time. Therefore, although it does not explicitly indicate Last TV On time, you can obtain Last Time on Time information by viewing the date and time information in the LOG file.
  43. The following is about User's Actions in External Storage History and Recently Service Usage History. Two pieces of information share a single log file. The log file has a dot log extension. And file expressed with asterisk is given a certain number every time the TV is booted, but I have not found a reason why this happened. The * .log files also use their own format. So we continued to analyze the format, but we could not figure it out. So the exact format is unknown, but the file’s contents was existed in the text, so I could manually analyze it through the Text Viewer. Let's move on to User's Action again. First, let's start with External Storage History. LG Smart TV offers a USB port for photo, video, music, and patch functions. When the storage device is connected to the corresponding port, the serial number of the connected device and the file name information existing in the connected device are stored in the log file.
  44. In case of Serial Number, it is displayed as Hexadecimal Value. You can check the serial number by converting hex value to ASCII code through Script. The bottom right photo shows the serial number of the same storage device connected to my MacBook. You can also see that log file records the file names that exist in the connected external storage device. However, there are also Unknown Strings in the log file. I continued to analyze, but I could not figure it out.
  45. Next is the Recently Service Usage History. It is stored in the same file where the previous External Storage History stored. The log file writes new data by appending them at the bottom. When you run the Application, the Application's Package Name is written to the * .log file. Therefore, you can check the log file to find out the order in which the application runs. However, the 3 User's actions mentioned so far are characterized by being deleted each time the TV is turned off, and newly created when turned on. Which means it is volatile information.
  46. So far, we have introduced the results of LG Smart TV forensics. Finally, let me tell you a comparison of Digital Evidence presented in a study on LG and Samsung smart TV forensics
  47. The comparison results are shown in the table. The comparison with LG Smart TV is Sutherland’s research. And the comparison for Samsung Smart TV is the research of Kang and Boztas. First, our research and Sutherland analyzed smart TVs with webOS 3.0 and webOS 2.0, respectively. And we used software vulnerabilities for data acquisition. However, Sutherland proposed only a simple User's action that could be checked in the configuration because the data acquisition in his research was not successful.
  48. Therefore, we compared forensics research except for the Sutherland’s. Kang and Boztas on Samsung Smart TV analyzed smart TV with proprietary OS. For Samsung smart TV, they currently use Taizen. But there is no research on Smart TV forensics that currently uses Tizen. We think that forensic research is necessary for Samsung smart TV using Tizen OS. In the data acquisition procedure, all three studies used software vulnerabilities. In the data analysis procedure, our research and Kang's research performed binary dipping after Partition Imaging. In case of Boztas, he did not mention in detail on the data analysis procedure in his paper, but I guess he used the same method. And to conclude, the table shows that you have used software vulnerabilities to acquire data on embedded devices. Therefore, the existing oftware vulnerabilities such as digital forensics of smartphones is likely to become an important issue for smart TV forensics.
  49. Now, let's compare each study’s results. O marks in the table means “Discover the user's action on the TV”. In contrast, X means “Not discover user's action or not exist on the TV”. First, it's User's Actions on the TV's traditional functions. In case of Last TV On Time, it was existed in LG Smart TV and Samsung Smart TV analyzed by Kang. Also TV Channel List and External Storage Usage History are found in both LG and Samsung Smart TV. We'll compare them through demo videos in detail. (There may or may not be a demonstration vedio.)
  50. Next is User's Actions for Smart TV applicatoins. You can see that Installed App Information, Internet History, and Recently Service Usage History data exist. However, Checking captured images exist only on LG Smart TV. Because Samsung smart TV analyzed by Kang and Boztas has no capture function. We will also compare them through the demo video. (There may or may not be a demonstration vedio.)
  51. Next is the User's Action for system configuration. Connected Wifi Information data exists on TV analyzed by Kang and Our research. I think we can check this data from the TV's setting through the remote controller. Boztas did not suggest, but I think it will exist. But in case of LG Smart TV, you can get more detailed data about WiFi information. Let's take a look at the demo video. (There may or may not be a demonstration vedio.)
  52. Finally, it is User's Actions that are unique to each Smart TV. User's Actions written in the table can be differently found depending on the manufacturer's implementation method or physical characteristics. First, let's take an example of the differences in implementation method. For example, in case of TV ON / OFF Reservation, Samsung Smart TV does not have TV ON / OFF Reservation function. Additionally, ‘Request Information exists only on the cloud application’ User’s Action in TV analyzed by Boztas. And let me give an example of the difference by physical characteristics. For example, in case of ‘Camera Usage’, LG Smart TV does not have a camera. The User's Action that we describe now is affected by the implementation method or physical characteristics, so it is likely to be different for each manufacturer or product. We'll explain one by one in detail through the demo video. (There may or may not be a demonstration vedio.)
  53. Initially I have talked about related research on forensics, hacking, and security assessment for Smart TV. Next, I described the research on LG Smart TV forensics. In presentation, I talked about my personal thoughts about the integrity of smart TV data when acquiring data using software vulnerabilities. Finally, we compared results among LG Smart TV and Samsung smart TV forensics research. Now, let me tell you the conclusion of today's presentation.
  54. We acquired data by gainng root privileges through software vulnerabilities. We analyzed the data through pre-imaging, testing, and post-imaging processes and proposed a total of 12 User's Actions. Our suggested User's Actions are 5 for the TV's native functionality, 5 for the pre-installed applications, and 1 for the system configuration. And we compared LG and Samsung Smart TV. As a result, we found when conducting Smart TV forensics, Using software vulnerabilities for data acquisition is in common. And the large classification of User's actions proposed in each study was found to be the same. But Depths were different depending on implementation method and physical characteristics. Although the depth is different, I think that the user's action that each TV has in common can be utilized as main Digital Evidence when performing actual smart TV forensic. I also think we can use the unique Digital Evidence of TV by analyzing the characteristics of smart TV first. Thank you all for listening. This is end of my presentation. If you have questions, ask me without hesitation