Hybrid Broadcast Broadband Smart TV’s Face Hacker Threat

Modern televisions and set-top-boxes that have adopted the pan-European Hybrid Broadcast Broadband Television (HbbTV) specification, which supports Internet capable features like digital teletext, catch-up TV (IPTV), electronic programme guides, interactive advertising, games and more, could be vulnerable to a simple radio attack by hackers.

The HbbTV standard, which partly competes with the likes of YouView and is also supported by a number of devices and modern TV’s sold in the United Kingdom, can apparently be hacked by somebody who only needs access to the “roof of an appropriately located tall building” and a directional transmit antenna (directed toward the TVs under attack – potentially thousands of them at once).

But to reduce the attacker’s risk of capture and thus increase the effectiveness of the attack, the hacker could also install the relay equipment on a remote controlled-drone and fly it to an appropriate location. In all cases no Internet access is required by the attacker because their signal to access your device would instead be sent via carefully crafted broadcast (radio) messages, which the HbbTV standard is designed to intercept and understand.

According to a new report from the Network Security Lab at Columbia University (here), a hacker using this method could send malicious HbbTV payloads to the TV. The apps would be used to create applications that run “invisibly in the background” or which can completely take over the TV screen. As a result any personal details you might enter, as well as the functionality of the device itself, could be left vulnerable.

Similarly if the TV/device were connected to the Internet then it could be turned into a zombie style computer for launching simple Distributed Denial of Service (DDoS) style attacks against Internet websites and servers, as well as giving the attackers access to the owners local network.

Extract from the Security Paper

We have described a series of novel attacks on Smart TVs – a widely deployed device whose significance in our life is only likely to grow. The key enabling factor of this attack was the fact that the device can render Internet content whose source is outside the Internet. This makes it possible for a physical attacker to cause a large-scale compromise of the Internet. We qualitatively and quantitively demonstrated that the attacks we described can be cost-effectively distributed to many thousands of users, and that they have a large damage potential.

The attacks described in this paper are of high significance, not only because of the very large amount of devices which are vulnerable to them, but because they exemplify the complexity of securing systems-of-systems which combine both Internet and non-Internet interfaces. Similar cyberphysical systems will become increasingly more prevalent in the future Internet of Things, making it especially important to analyze the weaknesses in this system, as well as the limitations of its proposed countermeasures.

At this point you’re probably thinking “Oh the standards body for HbbTV will surely fix that..”, although a related story on the BBC suggests that they don’t currently consider this threat to be serious enough to require a re-write / update of the technology’s security.

Many people also thought that Wardriving would never take off (i.e. a mobile individual that hunts for wifi networks to exploit) but it did, although these days it’s a lot harder because fewer people are leaving their wifi networks open and most new devices/routers also enable reasonable security by default. Perhaps HbbTV are being somewhat short-sighted in waiting to see if the problem hurts before putting a plaster on it.