Tricking Android Smart Lock with BluetoothThe Smart Lock Feature allows Android users (Android version 5.0 and later) to automatically unlock their smartphone whenever a trusted device, Wi-Fi network or geo location is in close proximity. Trusted devices could either be NFC tags or Bluetooth devices. Looking at Bluetooth devices, it turned out that the Smart Lock implementation had at least one security issue that got resolved. Early implementations of Smart Lock implied that when a trusted Bluetooth device was connected to the phone it was safe to unlock the respective device. The method upon which the connected Bluetooth device was identified did miss an important point, though. Read the rest of this entry »

auditing_smarttvIn a recent assignment, I was asked to do an IT security audit of a Samsung Smart-TV app. It took me some time to find the (for me) ideal solution to do the audit with my usual setup of tools. Since Smart-TV apps are based on javascript, they run on a fancy browser in the Smart-TV device. Consequently, using the same auditing techniques for Smart-TV apps as for web applications makes sense.  So the goal was to get all the requests and responses from the emulator through a proxy – in my case BurpSuite. I hope to help fellow IT security auditors to save some time with this little write-up. Read the rest of this entry »

In the last blog-post on this blog,  I focussed on the use of Google analytics in HbbTV applications. After almost two months, the situation has changed quite a bit. Read the rest of this entry »

hbbtv_analyticsAfter yesterdays talk at 30C3, a very intersting question was asked by a person the audience. The question was, whether the stations that use Google analytics in order to track their viewers are using it in a legal way. In order to use Analytics legally, the tracking code has to be used with the anonymizeIp parameter. So I took some time and checked the stations red button pages in order to find out, whether the tracking code complies with the law. Read the rest of this entry »

spoooftickerSince attackers could modify the information that is being displayed on HbbTV capable SmartTVs, there is now a project that overlaps the news ticker section of some stations’ program. Read the rest of this entry »


HAL – to serve and protect

Major players in the entertainment industry specified a standard that defines a way for connected Smart TVs to access additional content from the Internet. This so-called HbbTV standard (Hybrid broadcast broadband Television) uses portions of the DVB broadcast stream (DSM-CC) in order to embed references to online resources. As it turned out, many HbbTV-capable devices offer little or no protection against malicious content that is eventually loaded down from the Internet by Smart TVs. Possible attack vectors are shown in my earlier Blog post.
Read the rest of this entry »


OMG – our Smart TV got pr0wn3d!

A large amount of the TV sets currently available for sale belong to the group of “Connected TVs” or “Smart TVs”. These devices have the capability to access the contents of online media libraries and allow users to access Internet-pages via an integrated web-browser. Mostly for the European market, the available devices have a feature called HbbTV. HbbTV stands for Hybrid Broadcast Broadband TV and defines a standard for TV sets to access station-specific online contents. Read the rest of this entry »