Exploiting smart TVs using the HbbTV protocol

Abstract

Hybrid Broadcast Broadband TV (HbbTV) is a protocol developed to combine standard television broadcasts with digital content over the Internet. With millions of supported devices around Europe, questions about the protocol's security arise. In this thesis, we analyze the security of HbbTV applications by doing practical experimental research on selected smart TVs. We first introduce the required background about smart TVs and HbbTV to the reader so that the reader can understand the problem. Afterward, we show the current state of the art on HbbTV and TV security. Further, we introduce the selected evaluation targets and analyze their software. Following that, we explain and demonstrate how to develop and deploy an HbbTV application. Subsequently, we use the knowledge from our analyses of the smart TVs and the HbbTV protocol to exploit smart TVs using HbbTV by following our proposed threat model. Based on that, we analyze the outcomes of the exploits for each of our evaluation targets. Furthermore, we discuss the results of our experiments and the limitations and propose further research topics to improve HbbTV security. We created an HbbTV-specific threat model, based on which we prepared possible attack scenarios to test. We tested the attacks on our selected targets of evaluation of different vendors and proved the feasibility of such attacks. Furthermore, we proved it is possible to scan the local network and send HTTP requests to other devices on the local network, broadening the attack surface.