Man-in-the-Middle Attacks

Protection of Smart TVs Supporting Interactivity

At its 85th meeting, the DVB Steering Board approved updates to TS 102 809 “Signaling and carriage of interactive applications and services in Hybrid broadcast/broadband environments” introducing an authentication mechanism to help prevent ‘Man-in-the-Middle Attacks’ in Smart TVs supporting interactivity.

This update was triggered by a security researcher demonstration showing that it was possible for attackers to modify the broadcast TV signal and so exploit bugs in the software of Smart TVs to gain control over the TV. A successful ’Man-in-the-Middle’ attack could enable a hacker to access TV features such as its camera, microphone, and potentially other devices connected to the set. The new version will provide additional security to interactive solutions like the HbbTV specification, which relies heavily on TS 102 809.

The updated specification enables broadcasters to add authentication information to the signaling of their interactive services. In essence, the television receiver learns the legitimate transmission on each channel and will then identify and reject any subsequent tampering. This provides an extra layer of defense for TV sets and their owners in addition to manufacturers’ activities to improve the security of their products.

Commenting on this important action by the Steering Board, DVB Chairman, Peter MacAvock said “Although ‘Man-in-the-Middle’ attacks have been demonstrated, there is little real-world evidence of such attacks. Even so, DVB acknowledges the potential risks, and has moved to address these with a comprehensive and appropriate specification to re-assure consumers and industry alike.”