Doug Lung / RF Report
06.12.2014 03:42 PM
Researchers Succeed in Hijacking ‘Smart’ TVs
Little transmitter power needed to affect set operations
Although I've seen little interest so far in interactive TV, either off-air or via cable, the concept of giving viewers the ability to click on a link on their TV set and obtain additional information on a news item or product remains attractive. The concept is part of the ATSC 2.0 standard and has already been rolled out in Europe using the HbbTV (Hybrid Broadcast Broadband TV) standard.
Several news stories this week reported about a paper from Yossef Oren and Angelos Keromytis at the Network Security Lab at Columbia University which showed how someone could use a cheap antenna transmitting a modified TV signal to reach a smart TV that could do nasty things. These include directing it to a hacked website or to post messages as the viewer if the TV set were logged onto a site such as Facebook.
The hijack involves receiving an off-air broadcast, adding or modifying HbbTV data, and then re-transmitting the signal at sufficient power to replace the original signal at viewer’s antenna. The paper describes the hardware and software necessary to carry out an attack on a DVB-T signal.
Such a system would have to have sufficient isolation between the receive antenna picking up the unmodified signal and the antenna transmitting the nefarious HbbTV data, but the power required wouldn’t need to be that high. The paper says that one Watt could cover an area of about 1.4 square kilometers.
Even though the system analysis was based on DVB-T, the authors used New York City in their example. The researchers conducted a proof-of-concept lab experiment using an OEM DVB-T USB stick, a Linux computer with VLC, and a Dektec DTU-215 DVB modulator. The victim TV was a smart set manufactured in 2012 and running the manufacturer’s latest software.
Although the researchers used DVB-T, it seems the same approach would work with ATSC under certain circumstances.