Archive for the ‘security’ Category


Tricking Android Smart Lock with Bluetooth

The Smart Lock feature allows Android users (Android version 5.0 and later) to automatically unlock their smartphone whenever a trusted device, Wi-Fi network or geolocation is in close proximity. Trusted devices can be either NFC tags or Bluetooth devices. Looking at Bluetooth devices, it turned out that the Smart Lock implementation had at least one security issue, which got resolved. Early implementations of Smart Lock assumed that when a trusted Bluetooth device was connected to the phone, it was safe to unlock the respective device. The method by which the connected Bluetooth device was identified missed an important point, though. (more…)


In a recent assignment, I was asked to do an IT security audit of a Samsung Smart-TV app. It took me some time to find the (for me) ideal solution to do the audit with my usual setup of tools. Since Smart-TV apps are based on JavaScript, they run on a fancy browser in the Smart-TV device. Consequently, using the same auditing techniques for Smart-TV apps as for web applications makes sense. So the goal was to get all the requests and responses from the emulator through a proxy – in my case BurpSuite. I hope to help fellow IT security auditors save some time with this little write-up. (more…)


Since attackers could modify the information that is being displayed on HbbTV-capable Smart TVs, there is now a project that overlays the news ticker section of some stations’ program. (more…)


HAL – to serve and protect

Major players in the entertainment industry specified a standard that defines a way for connected Smart TVs to access additional content from the Internet. This so-called HbbTV standard (Hybrid broadcast broadband Television) uses portions of the DVB broadcast stream (DSM-CC) to embed references to online resources. As it turned out, many HbbTV-capable devices offer little or no protection against malicious content that is eventually downloaded from the Internet by Smart TVs. Possible attack vectors are shown in my earlier blog post.
(more…)


OMG – our Smart TV got pr0wn3d!

A large number of the TV sets currently available for sale belong to the group of “Connected TVs” or “Smart TVs”. These devices can access the contents of online media libraries and allow users to access Internet pages via an integrated web browser. Mostly for the European market, the available devices have a feature called HbbTV. HbbTV stands for Hybrid Broadcast Broadband TV and defines a standard for TV sets to access station-specific online content. (more…)