Security Issues with Hybrid Broadcast Broadband TV (HbbTV)

Watching TV suddenly is fun again!

© 2013, n.runs professionals GmbH – Security Research Team

Martin Herfurt
Who am I
• Martin Herfurt
• Security Consultant working with n.runs
• Co-founder of trifinite.org
• Bluetooth security expert
• @mherfurt

SmartTV Security Overview
• December 2012: ReVuln – USB/local attacks on Samsung Smart TV
• March 2013: CanSecWest – Smart TV Security (great talk, but excluding the HbbTV side) (SeungJin Lee, Seungjoo Kim)
• May 2013: TU Darmstadt – HbbTV privacy issues (Marco Ghiglieri, Florian Oswald, Erik Tews)
• June 2013: Security Issues with HbbTV
• August 2013: Attacking Smart TVs via apps (Aaron Grattafiori, Josh Yavor)

HbbTV Background
• Pan-European effort
• HbbTV = H4TV (fr) + HTML Profil (de)
• ETSI TS 102 796 (published in June 2010)
• Adopts existing specifications
  – CE-HTML (CEA-2014, the web profile for consumer electronics)
  – OIPF (Open IPTV Forum)
• Goal is to combine broadcast content with online content

DVB Stream

Plain Old DVB

Augmented DVB Stream

Hybrid Broadcast Broadband TV

The Red Button

SevenOne Media

What you think you see

What you are really seeing

How is the Red Button displayed?
• The TV has a DAE (Declarative Application Environment, i.e. a browser engine)
• The application content is fetched from a URL signalled inside the DVB stream (in the Application Information Table, AIT); nothing in the broadcast authenticates that URL
• It is rendered as an overlay on the actual TV picture
• Mostly a transparent web page, so only the red-button prompt is visible
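
The red-button application is fetched from a URL that the broadcast itself signals. As an added example (not code from the talk), the Python below parses an HbbTV AIT section according to ETSI TS 102 809, extracts that URL and verifies the section CRC. The sample section, its organisation and application ids and its hostname are constructed for this example. The point to notice is that the CRC is the only integrity check a receiver has, and it is a checksum, not a signature: anyone who can place a well-formed table into the stream the TV is tuned to decides where the application comes from.

```python
"""Parse an HbbTV Application Information Table (AIT) section and recover the
URL the receiver will load.

Added example, not code from the talk.  Field layout follows ETSI TS 102 809
(AIT section, table_id 0x74; transport_protocol_descriptor 0x02;
simple_application_location_descriptor 0x15).  The sample section at the
bottom is constructed: its organisation_id, application_id and URL are made up.
"""
import struct

AIT_TABLE_ID = 0x74
TAG_APP_NAME, TAG_TRANSPORT, TAG_LOCATION = 0x01, 0x02, 0x15
PROTOCOL_HTTP = 0x0003
CONTROL_CODES = {1: "AUTOSTART", 2: "PRESENT", 3: "DESTROY", 4: "KILL",
                 5: "PREFETCH", 6: "REMOTE", 7: "DISABLED"}


def mpeg_crc32(data: bytes) -> int:
    """CRC-32/MPEG-2 as used on DVB SI sections (poly 0x04C11DB7, init
    0xFFFFFFFF, no bit reflection, no final XOR)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7) if crc & 0x80000000 else crc << 1
            crc &= 0xFFFFFFFF
    return crc


def _descriptors(buf: bytes):
    """Yield (tag, payload) pairs from a DVB descriptor loop."""
    pos = 0
    while pos + 2 <= len(buf):
        tag, length = buf[pos], buf[pos + 1]
        yield tag, buf[pos + 2:pos + 2 + length]
        pos += 2 + length


def parse_ait(section: bytes) -> list:
    """Return one dict per signalled application, with the URL it points at.
    Only the CRC is verified: DVB carries no signature over the table, so a
    well-formed AIT from anyone able to write into the stream is accepted."""
    if section[0] != AIT_TABLE_ID:
        raise ValueError("not an AIT section")
    total = 3 + (struct.unpack(">H", section[1:3])[0] & 0x0FFF)
    if len(section) < total:
        raise ValueError("truncated section")
    if mpeg_crc32(section[:total - 4]) != struct.unpack(">I", section[total - 4:total])[0]:
        raise ValueError("CRC mismatch")
    pos = 8                                                      # past last_section_number
    pos += 2 + (struct.unpack(">H", section[pos:pos + 2])[0] & 0x0FFF)   # skip common descriptors
    loop_end = pos + 2 + (struct.unpack(">H", section[pos:pos + 2])[0] & 0x0FFF)
    pos += 2
    apps = []
    while pos < loop_end:
        org_id, app_id, control, raw = struct.unpack(">IHBH", section[pos:pos + 9])
        desc_len, pos = raw & 0x0FFF, pos + 9
        app = {"organisation_id": org_id, "application_id": app_id,
               "control_code": CONTROL_CODES.get(control, hex(control)),
               "name": None, "url_base": None, "initial_path": None}
        for tag, payload in _descriptors(section[pos:pos + desc_len]):
            if tag == TAG_APP_NAME:                              # lang(3) len(1) name
                app["name"] = payload[4:4 + payload[3]].decode("latin-1")
            elif tag == TAG_TRANSPORT and struct.unpack(">H", payload[:2])[0] == PROTOCOL_HTTP:
                app["url_base"] = payload[4:4 + payload[3]].decode("latin-1")  # after label byte
            elif tag == TAG_LOCATION:
                app["initial_path"] = payload.decode("latin-1")
        app["url"] = (app["url_base"] or "") + (app["initial_path"] or "")
        apps.append(app)
        pos += desc_len
    return apps


def build_ait(org_id, app_id, control, name, url_base, path) -> bytes:
    """Assemble a single-application AIT section (used for the sample input)."""
    name_b, base_b, path_b = (s.encode("latin-1") for s in (name, url_base, path))
    descs = (bytes([TAG_APP_NAME, 4 + len(name_b)]) + b"eng" + bytes([len(name_b)]) + name_b
             + bytes([TAG_TRANSPORT, 5 + len(base_b)]) + struct.pack(">HB", PROTOCOL_HTTP, 1)
             + bytes([len(base_b)]) + base_b + b"\x00"          # URL_base, zero URL extensions
             + bytes([TAG_LOCATION, len(path_b)]) + path_b)
    app_loop = struct.pack(">IHBH", org_id, app_id, control, 0xF000 | len(descs)) + descs
    body = (struct.pack(">H", 0x0010)                            # test flag 0, application_type HbbTV
            + bytes([0xC1, 0x00, 0x00])                          # version 0, current; section 0 of 0
            + struct.pack(">HH", 0xF000, 0xF000 | len(app_loop)) + app_loop)
    head = bytes([AIT_TABLE_ID]) + struct.pack(">H", 0xF000 | (len(body) + 4))
    return head + body + struct.pack(">I", mpeg_crc32(head + body))


# Constructed sample: made-up ids and URL, signalled AUTOSTART like a real red-button app.
SAMPLE_AIT = build_ait(0x00000013, 0x0001, 1, "Red Button",
                       "http://hbbtv.station.example/", "app/index.html")

if __name__ == "__main__":
    for app in parse_ait(SAMPLE_AIT):
        print(app["control_code"], app["name"], "->", app["url"])
```

Run stand-alone it prints the AUTOSTART application and its URL. Flip one byte of the sample and parse_ait() rejects it on the CRC; rebuild the table with a different url_base via build_ait() and it is accepted without complaint, which is exactly the situation of a receiver facing an injected stream.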


Data Collection
• Extraction of channel list
• Transparent proxy setup
• Script for switching channels via IP

Stations with HbbTV on Astra 19.2E
(figure: station list)
List generated on 9 May 2013 with no CI modules in use except HD+ (so no Sky channels, for example)

Subset of Stations using Google Analytics
(figure: station list)
RTL2 uses a service called etracker.com
Some stations track periodically as well, by having the (transparent) page refresh itself at a fixed interval
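
The three data-collection steps (channel list, transparent proxy, channel-switching script) leave you with a per-channel request log. The following is an added example, not the talk's own tooling, of how to reduce such a log to the two lists the slides show (stations with HbbTV, and the subset calling a tracker) and to spot the periodic-refresh tracking. The log format, channel names and station hostnames are assumptions constructed for the example; the tracker domains are the two named on the slides.

```python
"""Per-channel summary of a transparent-proxy capture of HbbTV traffic.

Added example, not the talk's own tooling.  The input format is an assumption:
one request per line, "<ISO timestamp> <channel> <METHOD> <URL>", which is what
a channel-switching script feeding a transparent proxy could log.  The log
lines, channel names and station hostnames below are constructed; the tracker
domains are the two named on the slides.
"""
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

TRACKER_DOMAINS = ("google-analytics.com", "etracker.com")

# Constructed capture: StationA's app hits Google Analytics every 30 s (the
# transparent page refreshes itself), StationB uses etracker, StationC tracks nothing.
SAMPLE_LOG = """\
2013-05-09T20:00:01 StationA GET http://hbbtv.station-a.example/redbutton/index.html
2013-05-09T20:00:01 StationA GET http://hbbtv.station-a.example/redbutton/app.js
2013-05-09T20:00:02 StationA GET http://www.google-analytics.com/__utm.gif?utmac=UA-0000-1
2013-05-09T20:00:32 StationA GET http://www.google-analytics.com/__utm.gif?utmac=UA-0000-1
2013-05-09T20:01:02 StationA GET http://www.google-analytics.com/__utm.gif?utmac=UA-0000-1
2013-05-09T20:01:32 StationA GET http://www.google-analytics.com/__utm.gif?utmac=UA-0000-1
2013-05-09T20:05:00 StationB GET http://hbbtv.station-b.example/start.html
2013-05-09T20:05:01 StationB GET http://cdn.station-b.example/static/logo.png
2013-05-09T20:05:01 StationB GET http://www.etracker.com/cnt?et=abc
2013-05-09T20:10:00 StationC GET http://hbbtv.station-c.example/app/
"""


def under_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def parse_log(text: str) -> list:
    """Parse the assumed log format into dicts with time, channel and host."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, channel, _method, url = line.split(maxsplit=3)
        entries.append({"time": datetime.fromisoformat(ts), "channel": channel,
                        "host": urlsplit(url).hostname or "", "url": url})
    return entries


def periodic_interval(times, tolerance=2):
    """Return the spacing in seconds if three or more requests are evenly
    spaced (within tolerance), else None.  Evenly spaced hits on one host are
    the signature of a page that reloads itself to keep reporting."""
    if len(times) < 3:
        return None
    times = sorted(times)
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    if max(gaps) - min(gaps) > tolerance:
        return None
    return round(sum(gaps) / len(gaps))


def summarise(text: str) -> dict:
    """Map each channel to the hosts its app contacted, the trackers among
    them, and any host it polls at a fixed interval."""
    hits = defaultdict(lambda: defaultdict(list))      # channel -> host -> [times]
    for e in parse_log(text):
        hits[e["channel"]][e["host"]].append(e["time"])
    summary = {}
    for channel, per_host in hits.items():
        hosts = sorted(per_host)
        periodic = {}
        for host, times in per_host.items():
            interval = periodic_interval(times)
            if interval is not None:
                periodic[host] = interval
        summary[channel] = {
            "hosts": hosts,
            "trackers": [h for h in hosts if any(under_domain(h, d) for d in TRACKER_DOMAINS)],
            "periodic": periodic,
        }
    return summary


def channels_using(summary: dict, domain: str) -> list:
    """Channels whose application contacted domain (or a subdomain of it)."""
    return sorted(ch for ch, s in summary.items()
                  if any(under_domain(h, domain) for h in s["hosts"]))


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for channel, s in result.items():
        print(channel, "trackers:", s["trackers"], "periodic:", s["periodic"])
    print("using Google Analytics:", channels_using(result, "google-analytics.com"))
```

The periodic check is deliberately per host rather than per URL: a refreshing page usually carries a changing cache-buster or session parameter, so matching on the full URL would miss it. Feed it a capture of a few minutes per channel and the tolerance of two seconds absorbs proxy and TV-side jitter.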

Possible Injection Vectors
(figure: the augmented DVB stream, with the possible injection points marked)

What Would Dr. Evil Do?

Watering Hole Attacks – sometimes very likely
Server banner of an HbbTV application host, as shown on the slide:
Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_gzip/1.3.26.1a
Every one of these versions dates from 2001 or 2002. A server this far behind is a plausible compromise target, and whoever controls it controls the application that every viewer of that station loads when pressing the red button.

Content Injection

Rogue Video Display

Spoofing News Tickers

Attacks on DNS
The TV resolves the hostname in the AIT URL through whatever resolver it was handed (normally the home router's). Whoever controls that resolver, or can spoof its answers, chooses the server the application is loaded from.

Possible Attacks (JavaScript)
• OIPF objects
  – contain device-specific (and maybe personal) information such as channel lists (see the Open IPTV Forum standard); not everything from the standard is implemented
• HTML/JavaScript
  – time-based scan of the home network
  – transmit information to an arbitrary Internet location
  – you name it!
• Recycle known malicious JavaScript code!
  – Google Dorks

Countermeasures

Unplug the Smart TV from the network (without a broadband connection no HbbTV application can be loaded)

Use a Firewall
Filter the TV's outbound traffic; at a minimum, allow nothing from the TV's address that you have not deliberately permitted.

Block Domain Name Service
Deny the TV DNS resolution: hostnames in AIT URLs then never resolve and the application is never fetched. This also breaks the TV's other online features, and it does not help against an AIT URL that carries a literal IP address.

HAL – To Serve & Protect

Thank You!
Find more on: blog.nruns.com

Published on SlideShare as: ciso-platform-annual-summit-2013-Attacks on smart tv
