1. Security Issues with Hybrid Broadcast Broadband TV (HbbTV)
Watching TV suddenly is fun again!
© 2013, n.runs professionals GmbH – Security Research Team
Martin Herfurt
2. Who am I
• Martin Herfurt
• Security Consultant working with n.runs
• Co-founder of trifinite.org
• Bluetooth security expert
• @mherfurt
3. SmartTV Security Overview
• December 2012: ReVuln - USB/Local attacks on SAMSUNG Smart TV
• March 2013: CanSecWest – Smart TV Security (great talk, but excluding HbbTV stuff) (SeungJin Lee, Seungjoo Kim)
• May 2013: (TU Darmstadt) HbbTV Privacy issues (Marco Ghiglieri, Florian Oswald, Erik Tews)
• June 2013: Security Issues with HbbTV
• August 2013: Attacking Smart TVs via apps (Aaron Grattafiori, Josh Yavor)
4. HbbTV Background
• Pan-European effort
• HbbTV = H4TV (fr) + HTML Profil (de)
• ETSI TS 102796 (published in June 2010)
• Adopts existing specifications
– HTML-CE (Web for Consumer Electronics)
– OIPF (Open IPTV Forum)
• Goal is to combine broadcast content with online content
5. DVB Stream
Plain Old DVB
7. The Red Button
9. What you think you see
10. What you are really seeing
11. How is the Red Button displayed?
• TV has a DAE (Browser)
• Content from URL within DVB-Stream
• Overlay on actual TV image
• Mostly transparent web page
12. Data Collection
• Extraction of channel list
• Transparent proxy setup
• Script for switching channels via IP
13. Stations with HbbTV on Astra 19.2E
List was generated on 9th of May 2013 with no CI-modules except HD+ in use (e.g. no SKY)
14. Subset of Stations using Google Analytics
RTL2 uses a service called etracker.com
Sometimes mechanisms for periodic tracking are in use (transparent page refresh)
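To illustrate the data-collection step from slides 12 to 14, here is an added example (not the n.runs script used for the talk) that classifies transparent-proxy log lines per station: which stations loaded HbbTV content at all, which of those contacted a tracking host, and where a first-party page is re-fetched at a fixed interval, the transparent page refresh used for periodic tracking. The log format, the station names and the Google Analytics hostnames are assumptions; etracker.com is the only tracker host named on the slide.

```python
from collections import defaultdict

# Hosts treated as third-party tracking. etracker.com is named on the slide;
# the Google Analytics hostnames are an assumption (not taken from the talk).
TRACKER_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com",
                 "www.etracker.com"}

# Constructed proxy log (not real captured data). One request per line:
# <epoch seconds> <station the TV was tuned to> <host> <path>. The station
# column is assumed to be written by the channel-switching script.
SAMPLE_LOG = """\
1368086400 StationA hbbtv.example-a.tld /app/index.html
1368086402 StationA www.google-analytics.com /__utm.gif?utmac=UA-000000-0
1368086410 StationB hbbtv.example-b.tld /red-button/start.html
1368086440 StationB hbbtv.example-b.tld /red-button/start.html
1368086470 StationB hbbtv.example-b.tld /red-button/start.html
1368086471 StationB www.etracker.com /cnt?et=constructed
1368086500 StationC hbbtv.example-c.tld /index.html
"""


def parse_log(text):
    """Yield (timestamp, station, host, path) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, station, host, path = line.split(maxsplit=3)
            yield int(ts), station, host, path


def classify(text, refresh_window=60):
    """Return {station: {"trackers": set_of_hosts, "periodic": bool}} for every
    station that produced HbbTV traffic. "periodic" is True when one first-party
    page was fetched three or more times at a constant interval of at most
    refresh_window seconds (the transparent page refresh used for tracking)."""
    result = {}
    fetches = defaultdict(list)  # (station, host, path) -> [timestamps]
    for ts, station, host, path in parse_log(text):
        entry = result.setdefault(station, {"trackers": set(), "periodic": False})
        if host in TRACKER_HOSTS:
            entry["trackers"].add(host)
        else:
            fetches[(station, host, path)].append(ts)
    for (station, _host, _path), times in fetches.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) >= 2 and len(set(gaps)) == 1 and gaps[0] <= refresh_window:
            result[station]["periodic"] = True
    return result
```

Running `classify(SAMPLE_LOG)` on the constructed log lists all three stations as HbbTV users, attributes Google Analytics to StationA and etracker to StationB, and flags only StationB's 30-second refresh as periodic.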
16. What Would Dr. Evil Do?
17. Watering Hole Attacks – sometimes very likely
Apache/1.3.27 (Unix) (Red-Hat/Linux)
mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3
PHP/4.1.2 mod_perl/1.26
mod_gzip/1.3.26.1a
21. Attacks on DNS
22. Possible Attacks (JavaScript)
• OIPF Objects
– contain device specific (and maybe personal) information (see Open IPTV Forum standard) like channel lists etc. – not everything from the standard is implemented
• HTML/JavaScript
– time-based scan of home networks
– transmit information to arbitrary inet location
– You name it!
• Recycle known malicious JavaScript code!
– Google Dorks
26. Use a Firewall
27. Block Domain Name Service
28. HAL – To Serve & Protect
29. Thank You!
Find more on: blog.nruns.com