Attacking the Internet Using Broadcast Digital Television

In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content that is rendered by the television. This system is already in very wide deployment in Europe and has recently been adopted as part of the American digital television standard. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. This enables a large-scale exploitation technique with a localized geographical footprint based on Radio Frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect. In this article, we present the attack methodology and a number of follow-on exploitation techniques that provide significant flexibility to attackers. Furthermore, we demonstrate that the technical complexity and required budget are low, making this attack practical and realistic, especially in areas with high population density: In a dense urban area, an attacker with a budget of about 450 can target more than 20,000 devices in a single attack. A unique aspect of this attack is that, in contrast to most Internet of Things/Cyber-Physical System threat scenarios, where the attack comes from the data network side and affects the physical world, our attack uses the physical broadcast network to attack the data network.

[1]  Lorrie Faith Cranor,et al.  Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[2]  Sven Dietrich,et al.  SkyNET: A 3G-Enabled Mobile Attack Drone and Stealth Botmaster , 2011, WOOT.

[3]  Erik Tews,et al.  A privacy protection system for HbbTV in Smart TVs , 2014, 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC).

[4]  Angelos D. Keromytis,et al.  A Comprehensive Survey of Voice over IP Security Research , 2012, IEEE Communications Surveys & Tutorials.

[5]  Erik Tews,et al.  HbbTV - I Know What You Are Watching , 2013 .

[6]  Adam Barth,et al.  The Web Origin Concept , 2011, RFC.

[7]  Collin Jackson,et al.  Robust defenses for cross-site request forgery , 2008, CCS.

[8]  Angelos D. Keromytis,et al.  From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television , 2014, USENIX Security Symposium.

[9]  Jan Servaes,et al.  European Broadcasting Union , 2004 .

[10]  David Brumley,et al.  GPS software attacks , 2012, CCS.

[11]  Periklis Akritidis,et al.  Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure , 2008, TSEC.

[12]  Média tudományok Advanced Television Systems Committee , 2010 .

[13]  Vern Paxson,et al.  Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse , 2013, USENIX Security Symposium.

[14]  Elisabeth Buffard,et al.  VLC Media Player , 2012 .

[15]  Thorsten Holz,et al.  Tracking DDoS Attacks: Insights into the Business of Disrupting the Web , 2012, LEET.

[16]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[17]  Ben Stock,et al.  Eradicating DNS Rebinding with the Extended Same-origin Policy , 2013, USENIX Security Symposium.

[18]  Ravi Sandhu,et al.  ACM Transactions on Information and System Security: Editorial , 2005 .

[19]  Martin Johns,et al.  Protecting the Intranet Against "JavaScript Malware" and Related Attacks , 2007, DIMVA.

[20]  Lamont Wood,et al.  Google, Inc. , 2005, Scientific American.