COMMSEC: Hacking into Broadband and Broadcast TV Systems

Many papers have highlighted critical security issues introduced by Smart TVs and the Hybrid Broadcast and Broadband TV protocol enclosed in DVB-T. From privacy issue to full take-over, it has been shown that Smart TVs introduce new attack vectors in home networks. In order to better understand and prevent an outsider compromising the network entering through the TV, a testbed is highly required for both wireless interfaces (DVB-T, Wi-Fi, Bluetooth) and the network interface (RJ45). In this talk, we explain how we used available tools to design and build a quick and dirty testbed for assessing efficiently the security of Smart TVs. As an additional outcome, we will present the vulnerabilities uncovered for an Android-based Smart TV.

The following payloads have been tested against specific targets leading to the discovery of 0 days:

• Outdated browser full of public vulnerabilities
• Denial-of-Service attacks against browser/TV
• Miner spreading for cryptocurrency
• Malicious MP4 files exploiting vulnerabilities
• Fake news spreading
• Fake crypto locker spreading
• Using XMLHTTP requests/Websockets as relay in order to attack daemons running inside the TV
• Using XMLHTTP requests/Websockets as relay in order to target devices located in the LAN(routers, NAS)
• Using the Smart TV to participate in a DDoS attack
• Using the Smart TV as a relay to Voice-enabled assistant devices (Amazon Echo, Google Home…)
• SDT Parsing