Not so Smart: On Smart TV Apps

Niemietz, Marcus; Somorovsky, Juraj; Mainka, Christian; Schwenk, Jörg

doi:10.1109/siot.2015.13

Cited by 11 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The online firmware upgrade achieved by impersonating Samsung's update servers was described in [50]. Those and many other examples [14,[51][52][53][54] clearly illustrate the rising importance of security on Smart TV devices.…”

Section: Related Workmentioning

confidence: 99%

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Majchrowicz

Duch

2021

Applied Sciences

View full text Add to dashboard Cite

Smart TV devices are gaining increasingly more popularity. Due to their nature, Smart TVs can access a lot of sensitive data. This is one of the reasons why the Smart TV has become a popular target of hacking recently. Manufacturers try to make such attacks more difficult, and one of the methods they use is the removal of symbols from the firmware. In principle, this would prevent or significantly hinder the preparation of malwares or homebrew that could run on different firmware versions. This article is focused on developing algorithms for automatic symbol resolution. We proposed two automatic symbol resolution methods designed for Smart TVs. Presented methods were tested on the firmwares of the most popular Smart TV manufacturers’, Samsung and LG, devices. Furthermore, an original framework is presented, which automatically locates the desired function in the binaries based on characteristic strings used in or near searched function. The developed framework is commonly used by homebrew developers (e.g., SamyGO) and releases developers from hardcoding function’s addresses for different firmwares.

show abstract

Section: Related Workmentioning

confidence: 99%

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Majchrowicz

Duch

2021

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…To gain the full benefits from smart TV, it must be connected to the public network (Internet), creating security and privacy for hackers and spammers [124]. However, privacy and security issues are critical problems in a smart TV.…”

Section: User Privacy and Security Issuesmentioning

confidence: 99%

Smart TV-Based Lifelogging Systems: Current Trends, Challenges, and the Road Ahead

Khan

Khusro

Alam

2021

Information and Knowledge in Internet of Things

View full text Add to dashboard Cite

The phenomena of lifelogging can be described as "to digitally record the people's daily-life activities and events in varying amounts of detail" [1]. The lifelogging systems use various tools, applications, and devices, such as desktop computers, laptops, smartphones, wearable smart devices, biometric devices, and process the data for explaining the individual's daily-life activities [2]. This recorded information can offer the potential to mine or infer knowledge about life experiences and used for a variety of purposes including contextual recommendation, e-commerce, monitoring, memory augmentation, linking, summarization, contextual retrieval, browsing, the judicial system, searching, adaptive user interface, and analyzing user profiles [3]. Usually, these personalized devices captured a single user's events to help predict and find out different patterns, such as healthcare services, social network services, intelligent mirror services, and recommendation services. Moreover, a user must be actively involved during the lifelogging [4].Lifelogging is a form of pervasive computing. Users can digitally record, capture, store, archive, and process the individuals' complete life experiences in the form of multimodal through different sensors [5]. The main idea of lifelogging to enhance the way people record and exchange their data, information, communication with others, and log into tools or devices [6]. Besides, the concept of lifelogging, to gain knowledge and data about someone, is just like automated biography. However, the lifelogging applications/tools of these devices have been used for single-user life experiences. For example, lifelogging applications and computer tools, such as Latent [7], have their own perspective of live experiences. However, these

show abstract

“…Within the scope of Smart TVs, Oren & Keromytis describe a method of compromising connected Smart TVs through Hybrid Broadcast-Broadband Television (HbbTV) and web-based code injections [19]. Related work from Niemietz et al, on Smart TVs explores the attacks on Smart TVs through app-based approach [18]. This work centers on TV embedded applications, and the security flaws which may come from vendor-specific apps.…”

Section: Related Workmentioning

confidence: 99%

HDMI-walk

Rondon

Babun

Akkaya

et al. 2019

Proceedings of the 35th Annual Computer Security Applications Conference

View full text Add to dashboard Cite

The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video interfacing between video-enabled devices. Today, almost tens of billions of HDMI devices exist in the world and are widely used to distribute A/V signals in smart homes, offices, concert halls, and sporting events making HDMI one of the most highly deployed systems in the world. An important component in HDMI is the Consumer Electronics Control (CEC) protocol, which allows for the interaction between devices within an HDMI distribution network. Nonetheless, existing network security mechanisms only protect traditional networking components, leaving CEC outside of their scope. In this work, we identify and tap into CEC protocol vulnerabilities, using them to implement realistic proof-of-work attacks on HDMI distribution networks. We study, how current insecure CEC protocol practices and carelessly implemented HDMI distributions may grant an adversary a novel attack surface for HDMI devices otherwise thought to be unreachable through traditional means. To introduce this novel attack surface, in this paper, we present HDMI-Walk, which opens a realm of remote and local CEC attacks to HDMI devices. Specifically, with HDMI-Walk, an attacker can perform malicious analysis of devices, eavesdropping, Denial of Service attacks, targeted device attacks, and even facilitate other well-known existing attacks through HDMI. With HDMI-Walk, we prove that it is feasible for an attacker to gain arbitrary control of HDMI devices. We demonstrate the implementations of both local and remote attacks with commodity HDMI devices including Smart TVs and Media Players. Our work aims to uncover vulnerabilities in a very well deployed system like HDMI distributions. The consequences of which can largely impact HDMI users as well as other systems which depend on these distributions. Finally, we discuss security mechanisms to provide impactful and comprehensive security evaluation to these real-world systems while guaranteeing deployability and providing minimal overhead, while considering the current limitations of the CEC protocol. To the best of our knowledge, this is the first work solely investigating the security of HDMI device distribution networks.• Security and privacy → Denial-of-service attacks; Distributed systems security; Denial-of-service attacks.

show abstract

Not so Smart: On Smart TV Apps

Cited by 11 publications

References 4 publications

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

Smart TV-Based Lifelogging Systems: Current Trends, Challenges, and the Road Ahead

HDMI-walk

Contact Info

Product

Resources

About