COMMSEC: Hacking into Broadband and Broadcast TV Systems

Many papers have highlighted critical security issues introduced by Smart TVs and the Hybrid Broadcast and Broadband TV protocol enclosed in DVB-T. From privacy issue to full take-over, it has been shown that Smart TVs introduce new attack vectors in home networks. In order to better understand and prevent an outsider compromising the network entering through the TV, a testbed is highly required for both wireless interfaces (DVB-T, Wi-Fi, Bluetooth) and the network interface (RJ45). In this talk, we explain how we used available tools to design and build a quick and dirty testbed for assessing efficiently the security of Smart TVs. As an additional outcome, we will present the vulnerabilities uncovered for an Android-based Smart TV.

The following payloads have been tested against specific targets leading to the discovery of 0 days:

  • Outdated browser full of public vulnerabilities
  • Denial-of-Service attacks against browser/TV
  • Miner spreading for cryptocurrency
  • Malicious MP4 files exploiting vulnerabilities
  • Fake news spreading
  • Fake crypto locker spreading
  • Using XMLHTTP requests/Websockets as relay in order to attack daemons running inside the TV
  • Using XMLHTTP requests/Websockets as relay in order to target devices located in the LAN(routers, NAS)
  • Using the Smart TV to participate in a DDoS attack
  • Using the Smart TV as a relay to Voice-enabled assistant devices (Amazon Echo, Google Home…)
  • SDT Parsing

COMMSEC TRACK
Location: Conf Track 3 / CommSec Date: November 27, 2018 Time: 5:00 pm - 5:30 pm Chaouki Kasmi Thomas Sabono Pierre Barre