From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television
Yosef Oren, Angelos D. Keromytis
Vladimir Lambert
Smart TV
Hybrid Broadcast-Broadband Television (HbbTV)
- includes HTML in broadcast streams
- connected to Internet
Polls, custom ads, ...
HbbTV (Broadcast)
Works on top of the DVB (Digital Video Broadcasting) system
- Data, metadata streams + more metadata
- Autostart broadcast-dependent applications (most common form of content)
Application Information Table
includes URL or points to stream
What can application do?
- HTTP requests
- Get info about the running channel
- Render content on top of the TV broadcast
- Replace broadcast content
- No signal to the viewer that it is running
Security
- Some functions of the terminal only for trusted apps
- Protecting DRM content
- Broadcast stream explicitly defines its origin
Attack
- Transmitted on the same frequency
- Can affect more channels
- Is untraceable, invisible, unstoppable
Possible Attacks
- DDoS
- Unauthenticated request forgery (script can fully interact with content of page)
- Authenticated request forgery
- Intranet request forgery
- Phishing
- Exploit distribution
It is cheap
- 1.5 km² for less than $500
- 35 km² for less than $2000
- Impact depends on density of inhabitants
Countermeasures
- Crowdsource detection of RF attacks
- User control over the app life-cycle
- Restrict broadcast-delivered HTML content
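
The Security and Countermeasures slides, as an added sketch in JavaScript (not code from the talk or from the HbbTV specification): it models a terminal that either trusts the origin declared in the broadcast stream or gives broadcast-delivered pages no origin at all, and shows what the same-origin check then allows. The function names, policy names and sample applications are assumptions constructed for illustration.

```javascript
// Added illustration: a toy model of how a terminal could assign a web origin
// to an HbbTV application. All names here are hypothetical, not HbbTV APIs.

// Policies: 'trust-declared' accepts the origin written in the broadcast stream;
// 'restrict-broadcast' gives broadcast-delivered pages an opaque origin.
function effectiveOrigin(app, policy) {
  if (app.delivery === 'broadband') {
    // Page was fetched over the Internet: origin comes from the URL actually loaded.
    return new URL(app.url).origin;
  }
  // Page arrived inside the broadcast: the origin is only a claim made by
  // whoever transmitted the signal.
  if (policy === 'trust-declared') {
    return new URL(app.declaredOrigin).origin;
  }
  return null; // opaque origin: matches no site
}

// Same-origin check: may a script in this app read a response from targetUrl?
function mayReadResponse(app, targetUrl, policy) {
  const origin = effectiveOrigin(app, policy);
  return origin !== null && origin === new URL(targetUrl).origin;
}

// Constructed sample applications (example domains only).
const SAMPLE_APPS = [
  { name: 'broadcaster-portal', delivery: 'broadband',
    url: 'https://tv.broadcaster.example/portal/index.html' },
  { name: 'carousel-page', delivery: 'broadcast',
    declaredOrigin: 'https://shop.example' },
];

// Evaluate every sample app against one target under both policies.
function auditTarget(targetUrl) {
  return SAMPLE_APPS.map((app) => ({
    app: app.name,
    trustDeclared: mayReadResponse(app, targetUrl, 'trust-declared'),
    restricted: mayReadResponse(app, targetUrl, 'restrict-broadcast'),
  }));
}

console.table(auditTarget('https://shop.example/account'));
```

Under the trusting policy the broadcast-delivered page passes the same-origin check for the site it names; under the restricted policy it does not, while the broadband-delivered page is unaffected.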
Thank you for your attention
Bibliography
Yosef Oren, Angelos D. Keromytis. “From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television”. In: Stanford University, Carnegie Mellon University. url: https://crypto.stanford.edu/~dabo/pubs/abstracts/pwdmgrBrowser.html.