ciso-platform-annual-summit-2013-Attacks on smart tv
•
1 recomendación•2,475 vistas
Presented by Martin Herfurt at CISO Platform Annual Summit, 2013.Martin did a lot of work in the field of Bluetooth Security when he founded the trifinite.group in 2004. Currently, he is working for the German IT-Security firm n.runs professionals along with managing his new venture, toothR.
Recomendados
Recomendados
Más contenido relacionado
Similar a ciso-platform-annual-summit-2013-Attacks on smart tv
Similar a ciso-platform-annual-summit-2013-Attacks on smart tv (20)
Más de Priyanka Aash
Más de Priyanka Aash (20)
Último
Último (20)
ciso-platform-annual-summit-2013-Attacks on smart tv
- 1. Security Issues with Hybrid Broadcast Broadband TV (HbbTV) Watching TV suddenly is fun again! © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 2. Who am I • • • • • Martin Herfurt Security Consultant working with n.runs Co-founder of trifinite.org Bluetooth security expert @mherfurt © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 3. SmartTV Security Overview • December 2012: ReVuln - USB/Local attacks on SAMSUNG Smart TV • March 2013: CanSecWest – Smart TV Security (great talk, but excluding HbbTV stuff) (SeungJin Lee, Seungjoo Kim) • May 2013: (TU Darmstadt) HbbTV Privacy issues (Marco Ghiglieri, Florian Oswald, Erik Tews) • June 2013: Security Issues with HbbTV • August 2013: Attacking Smart TVs via apps (Aaron Grattafiori, Josh Yavor) © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 4. HbbTV Background • • • • Pan-European effort HbbTV = H4TV(fr) + HTML Profil(de) ETSI TS 102796 (published in June 2010) Adopts existing specifications – HTML-CE (Web for Consumer Electronics) – OIPF (Open IPTV Forum) • Goal is to combine broadcast content with online content © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 5. DVB Stream Plain Old DVB © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 6. Augmented DVB Stream Hybrid Broadband Broadcast TV © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 7. The Red Button © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 8. SevenOne Media © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 9. What you think you see © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 10. What you are really seeing © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 11. How is the Red Button displayed? • • • • TV has a DAE (Browser) Content from URL within DVB-Stream Overlay on actual TV image Mostly transparent web page © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 12. Data Collection • Extraction of channel list • Transparent proxy setup • Script for switching channels via IP © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 13. Stations with HbbTV on Astra 19.2E List was generated on 9th of may 2013 with no CI-modules except HD+ in use (e.g. no SKY) © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 14. Subset of Stations using Google Analytics RTL2 uses a service called etracker.com Sometimes mechanisms for periodical tracking in use (transparent page refresh) © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 15. Possible Injection Vectors ! Augmented DVB Stream ! ! ! © 2013, n.runs professionals GmbH – Security Research Team ! Martin Herfurt
- 16. What Would Dr. Evil Do? © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 17. Watering Hole Attacks – sometimes very likely Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_gzip/1.3.26.1a © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 18. Content Injection © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 19. Rogue Video Display © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 20. Spoofing News Tickers © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 21. Attacks on DNS © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 22. Possilbe Attacks (Javascript) • OIPF Objects – contain device specific (and maybe personal) information (see Open IPTV Forum standard) like channel lists etc. – not everything from standard is implemented • HTML/JavaScript – time-based scan of home networks – transmit information to arbitrary inet location – You name it! • Recycle known malicious javascript code! – Google Dorks © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 23. © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 24. Countermeasures © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 25. Unplug SmartTV © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 26. Use a Firewall © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 27. Block Domain Name Service © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 28. HAL – To Serve & Protect © 2013, n.runs professionals GmbH – Security Research Team Martin Herfurt
- 29. Thank You! Find more on: © 2013, n.runs professionals GmbH – Security Research Team blog.nruns.com Martin Herfurt