Many papers have highlighted critical security issues introduced by Smart TVs and the Hybrid Broadcast and Broadband TV protocol enclosed in DVB-T. From privacy issue to full take-over, it has been shown that Smart TVs introduce new attack vectors in home networks. In order to better understand and prevent an outsider compromising the network entering through the TV, a testbed is highly required for both wireless interfaces (DVB-T, Wi-Fi, Bluetooth) and the network interface (RJ45). In this talk, we explain how we used available tools to design and build a quick and dirty testbed for assessing efficiently the security of Smart TVs. As an additional outcome, we will present the vulnerabilities uncovered for an Android-based Smart TV.
The following payloads have been tested against specific targets leading to the discovery of 0 days:
Outdated browser full of public vulnerabilities
Denial-of-Service attacks against browser/TV
Miner spreading for cryptocurrency
Malicious MP4 files exploiting vulnerabilities
Fake news spreading
Fake crypto locker spreading
Using XMLHTTP requests/Websockets as relay in order to attack daemons running inside the TV
Using XMLHTTP requests/Websockets as relay in order to target devices located in the LAN(routers, NAS)
Using the Smart TV to participate in a DDoS attack
Using the Smart TV as a relay to Voice-enabled assistant devices (Amazon Echo, Google Home…)
SDT Parsing