Attacking the internet using broadcast digital television

Yossef Oren, Angelos D Keromytis

ACM Transactions on Information and System Security (TISSEC) 17 (4), 1-27, 2015

In the attempt to bring modern broadband Internet features to traditional broadcast television, the Digital Video Broadcasting (DVB) consortium introduced a specification called Hybrid Broadcast-Broadband Television (HbbTV), which allows broadcast streams to include embedded HTML content that is rendered by the television. This system is already in very wide deployment in Europe and has recently been adopted as part of the American digital television standard. Our analyses of the specifications, and of real systems implementing them, show that the broadband and broadcast systems are combined insecurely. This enables a large-scale exploitation technique with a localized geographical footprint based on Radio Frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect. In this article, we present the attack methodology and a number of follow-on …