Martin Herfurt, an IT security professional living near Salzburg, Austria, who works for the German IT-security firm n.runs professionals and also runs his own company, has written a very interesting blog post on his research into Connected TV security, in particular the EBU-backed European HbbTV (Hybrid Broadcast Broadband TV) standard. He suggests that TV manufacturers need to do a lot more to make their browsers secure and configurable by users, and he clearly shows why.
He writes that a plethora of evil deeds can be carried out through Connected TVs, including WiFi eavesdropping, fake analytics, content attacks (DVB/DSM-CC injection, DNS spoofing/poisoning, content spoofing, watering-hole attacks), fake news tickers, Bitcoin mining, arbitrary video display, misuse of OIPF objects, and even using the TV to attack other devices on the user's LAN.
He writes on his blog:
Until now, most of the security researchers working with connected TVs focused on security vulnerabilities related to physical access to the device’s USB port or local network access (ReVuln – The TV is watching you: Samsung 0-day, great CanSec Talk by SeungJin Lee and Seungjoo Kim). At the end of May, at the 13th German IT-Security Congress (organized by the German BSI) the first security paper related to HbbTV got published. In the paper published by the German TU Darmstadt (Marco Ghiglieri, Florian Oswald, Erik Tews), mostly privacy-related issues with the HbbTV standard were addressed. Since I also had some time for SmartTV research during the past two months, I will share my findings in this blog entry. These findings will confirm most of the findings of the aforementioned paper but also introduce attack vectors that become possible with HbbTV.
...As shown before, connecting HbbTV-capable Smart TVs to the home network is dangerous. Possibly malicious content is accessed and executed by the television when a user switches to an HbbTV enabled channel. So-called entertainment providers which provide content via HbbTV can be compromised by attackers or could be providing malicious content themselves that might lead to various attacks which are described in this blog post. Possible measures are mentioned that might help to mitigate the addressed privacy and security issues. Even though these measures cover the majority of the attack scenarios, not all of the risks can be mitigated. Still, the user has no means to tell whether the HbbTV content is authentic or not. Clearly, TV manufacturers seem to lack IT security know-how and have to learn from other industries in order to succeed.
This blog post is an effort to draw attention to this issue. The described attack scenarios are examples that help to show the severity of this topic. IMHO, it is just a matter of time before the attacks are spotted in the wild. At the time of writing, a few broadcast channels are already using IP geolocation services to target banner-like on-screen inserts. In this early stage of adoption, HbbTV is used by broadcast stations in many creative ways that might not only put the privacy of the users at stake but also raise security issues.
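The mechanism behind the content attacks listed above is worth spelling out. HbbTV applications are not installed by the viewer: the broadcaster signals them in the Application Information Table (AIT, ETSI TS 102 809) multiplexed into the DVB transport stream, and an entry marked AUTOSTART is fetched and executed as soon as the viewer tunes to the service. Each entry carries a transport descriptor naming either a broadband URL or a DSM-CC object carousel inside the broadcast, and nothing in the AIT is signed. A plain-http URL is therefore at the mercy of whoever answers the DNS query or sits on the path, and a carousel is whatever the (real or spoofed) signal carries; even an https URL only authenticates the server, not the table that named it. The following Python is an added example and is not code from Herfurt's post: it parses an AIT section, verifies the CRC that closes every DVB section, and reports for each signalled app how it is fetched and what a viewer could actually verify about its origin. The sample AIT is constructed inline by build_ait(); its organisation id, application ids and hostnames are made up, and the application_descriptor a compliant AIT would also carry is omitted (the parser skips descriptors it does not need).

```python
# Added example, not code from Herfurt's post: parse a DVB Application Information Table
# (AIT, ETSI TS 102 809, table_id 0x74) and classify how each HbbTV app it signals is fetched.
# SAMPLE_AIT is constructed by build_ait() below; its ids and hostnames are made up.
import struct
from dataclasses import dataclass

AIT_TABLE_ID, HBBTV_APP_TYPE = 0x74, 0x0010
TAG_APP_NAME, TAG_TRANSPORT, TAG_SIMPLE_LOCATION = 0x01, 0x02, 0x15
PROTO_CAROUSEL, PROTO_HTTP = 0x0001, 0x0003   # DSM-CC object carousel in the TS / broadband URL
CONTROL_CODES = {0x01: "AUTOSTART", 0x02: "PRESENT", 0x04: "KILL", 0x07: "DISABLED"}

def mpeg_crc32(data: bytes) -> int:
    """CRC-32/MPEG-2 that closes every DVB section: poly 0x04C11DB7, init all ones, no final XOR."""
    crc = 0xFFFFFFFF
    for b in data:
        crc ^= b << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7) if crc & 0x80000000 else crc << 1
            crc &= 0xFFFFFFFF
    return crc

def crc_ok(section: bytes) -> bool:
    return mpeg_crc32(section[:-4]) == struct.unpack(">I", section[-4:])[0]

@dataclass
class HbbTvApp:
    org_id: int
    app_id: int
    control: str          # AUTOSTART apps launch the moment the viewer tunes to the service
    name: str = ""
    protocol: int = 0
    url_base: str = ""
    path: str = ""
    @property
    def url(self) -> str:
        return self.url_base + self.path
    @property
    def risk(self) -> str:  # what the viewer can actually verify about where this app comes from
        if self.protocol == PROTO_CAROUSEL:
            return "carousel: content rides in the broadcast, no origin authentication"
        if self.url.startswith("https://"):
            return "https: server authenticated, but the AIT that named it is not"
        return "http: URL and content spoofable (DNS poisoning, on-path injection)"

def parse_descriptors(buf: bytes, app: HbbTvApp) -> None:  # one app's descriptor loop; other tags skipped
    i = 0
    while i + 2 <= len(buf):
        tag, length = buf[i], buf[i + 1]
        body, i = buf[i + 2:i + 2 + length], i + 2 + length
        if tag == TAG_TRANSPORT:                  # protocol_id, transport_protocol_label, selector
            app.protocol = struct.unpack(">H", body[:2])[0]
            if app.protocol == PROTO_HTTP:        # selector: URL_base_length, URL_base_byte*, ...
                app.url_base = body[4:4 + body[3]].decode("ascii")
        elif tag == TAG_SIMPLE_LOCATION:
            app.path = body.decode("ascii")
        elif tag == TAG_APP_NAME:                 # ISO 639 language code (3), length, name
            app.name = body[4:4 + body[3]].decode("utf-8", "replace")

def parse_ait(section: bytes) -> list:
    """Parse one AIT section; anything truncated or failing its CRC is rejected, not guessed at."""
    if (not section or section[0] != AIT_TABLE_ID
            or len(section) != 3 + (struct.unpack(">H", section[1:3])[0] & 0x0FFF) or not crc_ok(section)):
        raise ValueError("not a well-formed AIT section (table_id, section_length or CRC_32)")
    pos = 8                                       # 8 header bytes precede common_descriptors_length
    pos += 2 + (struct.unpack(">H", section[pos:pos + 2])[0] & 0x0FFF)    # skip common descriptors
    end = pos + 2 + (struct.unpack(">H", section[pos:pos + 2])[0] & 0x0FFF)
    pos, apps = pos + 2, []
    while pos < end:
        org_id, app_id, control, desc_len = struct.unpack(">IHBH", section[pos:pos + 9])
        desc_len &= 0x0FFF
        app = HbbTvApp(org_id, app_id, CONTROL_CODES.get(control, f"0x{control:02x}"))
        parse_descriptors(section[pos + 9:pos + 9 + desc_len], app)
        apps.append(app)
        pos += 9 + desc_len
    return apps

# Builder for the constructed sample (application_descriptor omitted; the parser ignores it anyway).
def descriptor(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body
def http_transport(url_base: str) -> bytes:       # label 1, URL_base, zero URL extensions
    b = url_base.encode("ascii")
    return descriptor(TAG_TRANSPORT, struct.pack(">HBB", PROTO_HTTP, 1, len(b)) + b + b"\x00")
def carousel_transport(component_tag: int) -> bytes:   # label 1, remote_connection=0, component_tag
    return descriptor(TAG_TRANSPORT, struct.pack(">HBBB", PROTO_CAROUSEL, 1, 0x00, component_tag))
def app_entry(org_id: int, app_id: int, control: int, name: str, transport: bytes, path: str) -> bytes:
    descs = (descriptor(TAG_APP_NAME, b"eng" + bytes([len(name)]) + name.encode("ascii"))
             + transport + descriptor(TAG_SIMPLE_LOCATION, path.encode("ascii")))
    return struct.pack(">IHBH", org_id, app_id, control, 0xF000 | len(descs)) + descs
def build_ait(entries: list) -> bytes:            # version 0, current_next=1, section 0 of 0, no common descriptors
    loop = b"".join(entries)
    body = struct.pack(">HBBBHH", HBBTV_APP_TYPE, 0xC1, 0, 0, 0xF000, 0xF000 | len(loop)) + loop
    head = bytes([AIT_TABLE_ID]) + struct.pack(">H", 0xB000 | (len(body) + 4))   # length includes CRC_32
    return head + body + struct.pack(">I", mpeg_crc32(head + body))

SAMPLE_AIT = build_ait([
    app_entry(0x10, 1, 0x01, "Red Button", http_transport("http://hbbtv.broadcaster.example/"), "index.html"),
    app_entry(0x10, 2, 0x02, "EPG", http_transport("https://apps.broadcaster.example/"), "epg/"),
    app_entry(0x10, 3, 0x01, "Ticker", carousel_transport(0x0A), "ticker/start.html"),
])
```

Calling parse_ait(SAMPLE_AIT) yields three entries; the one to look at is any AUTOSTART app whose risk column says http or carousel, which is exactly the situation the quoted post describes: the set executes whatever the signal says, and the viewer has nothing to check. To run this against a real channel, capture the AIT elementary stream (stream_type 0x05, marked by an application_signalling_descriptor in the service's PMT) with a DVB capture tool and feed each complete section to parse_ait; sections that fail the CRC are rejected rather than partially trusted.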
The HbbTV consortium is a pan-European initiative aimed at providing an alternative to proprietary technologies and delivering an open platform for broadcasters to deliver value-added on-demand services to the end consumer.
The founding members of the HbbTV consortium consist of both television broadcasters and CE companies, meaning that there is a common goal of creating services that broadcasters wish to offer while meeting the capabilities of today's CE devices. The HbbTV steering group members are: Abertis Telecom, ANT Software Limited, Digital TV Labs, EBU (European Broadcasting Union), France Télévisions, Institut für Rundfunktechnik GmbH, OpenTV Inc, Opera, Koninklijke Philips Electronics N.V., RTL Group, Samsung, SES ASTRA S.A, Sony Corporation and Télévision Française 1 (TF1). The consortium is open to new members and seeks wide participation in order to foster the market introduction and continued development of the standard.
HbbTV has a wide range of supporters from across the broadcaster and CE industries. Several countries worldwide, and in Europe in particular, have adopted the HbbTV standard and/or operated HbbTV services and trials. As of December 2011, HbbTV services were in regular operation in France, Germany and Spain, with announcements of adoption in Austria, the Czech Republic, Denmark, the Netherlands, Poland, Switzerland and Turkey, and trials in Australia, China, Japan and the US. In 2010 the German broadcaster RTL Television introduced a new information service, HD Text, making use of HbbTV and the CE-HTML user interface language, and in 2012 it launched an online music video service (Clipfish Music) on its HbbTV portal, giving TV viewers access to it.
In 2011 the Dutch national public networks Nederland 1, 2 and 3 began broadcasting HbbTV "red button" applications, including a programme guide and catch-up TV, instead of developing separate apps for particular platforms.
In France, the government-owned public broadcaster France Télévisions selected HbbTV for its interactive news, sports and weather service, and plans to add catch-up TV and social media sharing capability. The international French news channel France 24 has announced that it will launch an HbbTV interactive news service in 2012 via the Astra 19.2°E satellites, with support from Orange and SES.
In November 2011 Spain's Ministry of Industry approved a document signed by 54 companies adopting the HbbTV standard, and the broadcasters Mediaset España, Canal+ and Telefónica have run pilot services.
The first tests of HbbTV services in Poland were started by TVN in March 2012.
In the UK, most broadcasters have not adopted the HbbTV standard, but Freesat, the free-to-air satellite TV service broadcast via Astra 28.2°E, has revealed that the second-generation "G2" specification for Freesat receivers will use HbbTV, to take advantage of the digital TV chipsets being developed for that standard (while retaining the MHEG-5 compatibility of the first-generation Freesat receivers). The Digital TV Group has also approved D-Book 7, a detailed interoperability specification between digital terrestrial television and HbbTV-based products and services.
In the Nordic region (Denmark, Finland, Iceland, Norway and Sweden, plus Ireland) the NorDig standardisation forum has adopted the HbbTV specification, which replaces DVB-MHP as the common API for hybrid digital receivers. In Finland the national HDTV Forum will adopt the NorDig Unified Specification for Hybrid Services. The members of the HDTV Forum see the HbbTV specification as having wide market acceptance, supporting a wide range of TV applications and new hybrid services. The first HbbTV-compatible receivers are expected to be available to consumers before summer 2012.
In Switzerland the first HbbTV service, RTS+, was launched on 5 March 2013 on the SRG SSR French-language channels RTS Un HD and RTS Deux HD. The service was developed by SwissTXT.
HbbTV has also attracted interest in the US, Argentina, Australia, Japan, China (which is conducting a trial) and Malaysia (where DVB-T2 broadcasting will soon start).