From the aether to the ethernet - Attacking the internet using broadcast digital television

Yossef Oren, Angelos D. Keromytis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

33 Scopus citations

Abstract

In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content which is rendered by the television. This system is already in very wide deployment in Europe, and has recently been adopted as part of the American digital television standard. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. This enables a large-scale exploitation technique with a localized geographical footprint based on radio frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect. Despite our responsible disclosure to the standards body, our attack was viewed as too expensive and with limited pay-off to the attackers. In this paper, we present the attack methodology and a number of follow-on exploitation techniques that provide significant flexibility to attackers. Furthermore, we demonstrate that the technical complexity and required budget are low, making this attack practical and realistic, especially in areas with high population density - in a dense urban area, an attacker with a budget of about $450 can target more than 20, 000 devices in a single attack. A unique aspect of this attack is that, in contrast to most Internet of Things/Cyber-Physical System threat scenarios where the attack comes from the data network side and affects the physical world, our attack uses the physical broadcast network to attack the data network.

Original languageEnglish
Title of host publicationProceedings of the 23rd USENIX Security Symposium
PublisherUSENIX Association
Pages353-368
Number of pages16
ISBN (Electronic)9781931971157
StatePublished - 1 Jan 2014
Externally publishedYes
Event23rd USENIX Security Symposium - San Diego, United States
Duration: 20 Aug 201422 Aug 2014

Publication series

NameProceedings of the 23rd USENIX Security Symposium

Conference

Conference23rd USENIX Security Symposium
Country/TerritoryUnited States
CitySan Diego
Period20/08/1422/08/14

Fingerprint

Dive into the research topics of 'From the aether to the ethernet - Attacking the internet using broadcast digital television'. Together they form a unique fingerprint.

Cite this