A privacy protection system for HbbTV in Smart TVs

Ghiglieri, Marco; Tews, Erik

doi:10.1109/ccnc.2014.6866595

Cited by 22 publications

(29 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A recent summary of security issues related to smart home IoT devices can be found in [3]. The research community is continuously working on identifying threats [13,16,19,31,38] and flaws in devices [17,21,27] and protocols [16,18,24,39].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Packet-Level Signatures for Smart Home Devices

Trimananda

Varmarken

Markopoulou

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

103

105

View full text Add to dashboard Cite

Smart home devices are vulnerable to passive inference attacks based on network traffic, even in the presence of encryption. In this paper, we present Ping-Pong, a tool that can automatically extract packetlevel signatures (i.e., simple sequences of packet lengths and directions) from the network traffic of smart home devices, and use those signatures to detect occurrences of specific device events (e.g., light bulb turning ON/OFF). We evaluated PingPong on popular smart home devices ranging from smart plugs to thermostats and home security systems. We have successfully: (1) extracted packet-level signatures from 18 devices (11 of which are the most popular smart home devices on Amazon) from 15 popular vendors, (2) used those signatures to detect occurrences of specific device events with an average recall of more than 97%, and (3) shown that the signatures are unique among tens of millions of packets of real world network traffic.

show abstract

Section: Related Workmentioning

confidence: 99%

“…In [40], the authors used the application source code to correlate Zigbee traffic and device events. Finally, as far as we know, the Wi-Fi sniffer threat model has not been widely studied: it has only been presented in [19] and [8].…”

Section: Related Workmentioning

confidence: 99%

Packet-Level Signatures for Smart Home Devices

Trimananda

Varmarken

Markopoulou

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

103

105

View full text Add to dashboard Cite

show abstract

“…The first academic work to deal with security weaknesses in HbbTV was published by Tews et al in Ghiglieri and Tews [2014] and Ghiglieri et al [2013]. This work focused on potential privacy leaks resulting from the use of HbbTV.…”

Section: Related Workmentioning

confidence: 98%

“…As suggested by Tews in Ghiglieri and Tews [2014], these "green button" proxies can deliver "sanitized" versions of HbbTV applications to users after applying modifications that protect the security and privacy of the users. Unfortunately, these proxies are only effective as long as the HbbTV application itself lives on the Internet.…”

Section: Countermeasuresmentioning

confidence: 99%

Attacking the Internet Using Broadcast Digital Television

Oren

Keromytis

2015

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content that is rendered by the television. This system is already in very wide deployment in Europe and has recently been adopted as part of the American digital television standard. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. This enables a large-scale exploitation technique with a localized geographical footprint based on Radio Frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect. In this article, we present the attack methodology and a number of follow-on exploitation techniques that provide significant flexibility to attackers. Furthermore, we demonstrate that the technical complexity and required budget are low, making this attack practical and realistic, especially in areas with high population density: In a dense urban area, an attacker with a budget of about $450 can target more than 20,000 devices in a single attack. A unique aspect of this attack is that, in contrast to most Internet of Things/Cyber-Physical System threat scenarios, where the attack comes from the data network side and affects the physical world, our attack uses the physical broadcast network to attack the data network.

show abstract

“…However, in smart TVs, these interfaces can be used as a back channelthat is, data from the TV can be sent back to broadcasting stations. 6,9 …”

Section: Security and Privacymentioning

confidence: 99%

HbbTV Security and Privacy: Issues and Challenges

Ghiglieri

Waidner

2016

IEEE Secur. Privacy

Self Cite

View full text Add to dashboard Cite

Unlike PCs and mobile devices, smart TVs don't allow consumers to confi gure privacy and security options. A review of Hybrid Broadcast Broadband TV, which delivers Web content to smart TVs and settop boxes, considers the implications of this limitation.S mart entertainment devices such as TVs, game consoles, and Blu-ray players are gaining popularity in households worldwide. Smart technology o ers users extra features and convenience by connecting to the Internet, with third parties providing real-time information and content directly to users' devices.In this article, we focus on Hybrid Broadcasting Broadband TV (HbbTV), a standardized technique for providing video on demand and information services to smart TVs and set-top boxes. According to a recent report, international interest in HbbTV is growing steadily; 1 in 2014, 92 percent of Germany's smart TVs had HbbTV functionality. 2 Essentially, HbbTV presents Web content as an overlay on regular TV programs. Although standard Web browsers on PCs and mobile devices support privacy and security options such as "private mode" and cookie preferences, smart TVs don't let consumers con gure such options. Here, we describe HbbTV and discuss its implications for consumers' privacy and security. Security and Privacye evolution of smart TVs and set-top boxes has expanded the interactions possible between consumers and devices, with multiple consequences for security and privacy. We can split these interactive functionalities into vendor and HbbTV applications.Vendor applications aren't standardized that is, they di er from vendor to vendor and from device to device and therefore aren't generally assessable. As discussed in the "HbbTV Standard" sidebar, the Digital Video Broadcast (DVB) stream triggers HbbTV applications. A DVB-level a ack can manipulate an HbbTV URL or, if applications are transferred by a DSM-CC (Digital Storage Media Command and Control) object carousel, the entire application. Yossef Oren and Angelos Keromytis showed that an a ack on the DVB stream can cause multiple devices to receive malicious URLs or content. 3 Because the HbbTV standard supports overlays on currently running TV programs, it's possible for a phishing a ack to cover the entire screen with malicious content. Even large-scale a acks via so ware vulnerabilities in underlying components are plausible; for instance, Andrew Karpow and Benjamin Michéle demonstrated how an a ack can execute system commands on outdated media players via USB sticks. 4 In short, if an HbbTV application uses a vulnerable media player, other malicious applications can exploit it. 5 e rst devices with HbbTV 2.0 support are expected to appear in 2016. Because the HbbTV 2.0 standard will allow increased interaction between HbbTV applications and other devices such as tablets and smartphones, appropriate security measures must guarantee that the HbbTV device controls only authorized and approved devices.is increased device interaction poses security concerns. Malicious HbbTV applications could control devices conne...

show abstract

A privacy protection system for HbbTV in Smart TVs

Cited by 22 publications

References 2 publications

Packet-Level Signatures for Smart Home Devices

Packet-Level Signatures for Smart Home Devices

Attacking the Internet Using Broadcast Digital Television

HbbTV Security and Privacy: Issues and Challenges

Contact Info

Product

Resources

About