logo

SDR Against Smart TVs: URL and Channel Injection Attacks

Conference:  Defcon 27

2019-08-01

Summary

The presentation discusses the lack of authentication in various technologies and the need for increased security measures in smart TVs.
  • The lack of authentication in radio frequency, GPS, and mobile networks makes them vulnerable to attacks.
  • Smart TVs also lack proper security measures and need to have secure browsers and operating systems.
  • The presenter demonstrates how to inject a poisoned video and modify URLs through ARP poisoning and Metasploit.
  • The anecdote highlights the ease with which a user's browser can be compromised through a fake hook.
  • The main thesis is that increased authentication and security measures are necessary in various technologies to prevent cyber attacks.
The presenter demonstrates how a user's browser can be compromised through a fake hook. The user opens their favorite newspaper and unknowingly allows the hook to access their browser. This highlights the ease with which a user's browser can be compromised and the need for increased security measures.

Abstract

Software-defined-radio has revolutionized the state of the art in IoT security and especially one of the most widespread devices: Smart TV. This presentation will show in detail the HbbTV platform of Smart TV, to understand and demonstrate two attacks on these televisions using low cost SDR devices: TV channel and HbbTV server impersonation (channel and URL injection). This last attack will allow more sophisticated remote attacks: social engineering, keylogging, crypto-mining, and browser vulnerability assessment.

Materials:

Tags: