SDR Against Smart TVs: URL and Channel Injection Attacks

Conference: Defcon 27

2019-08-01

Summary

The presentation discusses the lack of authentication in various technologies and the need for increased security measures in smart TVs.

The lack of authentication in radio frequency, GPS, and mobile networks makes them vulnerable to attacks.
Smart TVs also lack proper security measures and need to have secure browsers and operating systems.
The presenter demonstrates how to inject a poisoned video and modify URLs through ARP poisoning and Metasploit.
The anecdote highlights the ease with which a user's browser can be compromised through a fake hook.
The main thesis is that increased authentication and security measures are necessary in various technologies to prevent cyber attacks.

The presenter demonstrates how a user's browser can be compromised through a fake hook. The user opens their favorite newspaper and unknowingly allows the hook to access their browser. This highlights the ease with which a user's browser can be compromised and the need for increased security measures.

Abstract

Software-defined-radio has revolutionized the state of the art in IoT security and especially one of the most widespread devices: Smart TV. This presentation will show in detail the HbbTV platform of Smart TV, to understand and demonstrate two attacks on these televisions using low cost SDR devices: TV channel and HbbTV server impersonation (channel and URL injection). This last attack will allow more sophisticated remote attacks: social engineering, keylogging, crypto-mining, and browser vulnerability assessment.

Materials:

Slides

Tags: