• Benjamin MichéleEmail author
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)


A billion households worldwide receive digital television, employing broadcast standards such as Digital Video Broadcasting (DVB). Interactive applications can be signaled and transported using the widely deployed Hybrid Broadcast Broadband Television (HbbTV) standard. The DVB and HbbTV standards, however, lack mandatory authentication and integrity mechanisms for the transmitted data. This allows a remote attacker to replace legitimate broadcasts by overpowering the regular radio signal. The attacker-controlled signal can then deliver, e.g., a malicious HbbTV application, which in turn can be used to exploit local security vulnerabilities on Smart TVs (STV) in range. To the best of our knowledge, this work is the first to practically demonstrate that modern STVs can be compromised remotely by malware transmitted over-the-air using DVB systems. A proof-of-concept and several experiments are developed to assess important real-world properties of DVB-assisted attacks. New results on the reach of such an attack and its detectability are presented, which are used to propose an efficient protection scheme to secure existing and future HbbTV-enabled receivers.


Code Rate Digital Video Broadcasting Transport Stream Broadcast Station Elementary Stream 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Associação Brasileira de Normas Técnicas. Digital terrestrial television – Data coding and transmission specification (ABNT NBR 15606), 2015.Google Scholar
  2. 2.
    Australian Communications and Media Authority. Digital television terrestrial self-help retransmission services, 2014.
  3. 3.
    Avalpa. OpenCaster, Sept. 2013.
  4. 4.
    A. Barth. HTTP state management mechanism, April 2011. RFC6265.Google Scholar
  5. 5.
    A. Barth. The web origin concept, December 2011. RFC6454.Google Scholar
  6. 6.
    CEA. CEA-2014 revision A - Web-based Protocol and Framework for Remote User Interface on UPnP Networks and the Internet (Web4CE). Consumer Electronics Association, Jan. 2007.Google Scholar
  7. 7.
    Deutsche TV-Plattform. Wachstumsmarkt Smart-TV und HbbTV in Deutschland, Apr. 2015.
  8. 8.
    Digital TV Research. Digital TV world household databook. June 2014.Google Scholar
  9. 9.
    ETSI. Digital Video Broadcasting (DVB); Framing structure, channel coding and modulation for 11/12 GHz satellite services (EN 300 421 V1.1.2). European Telecommunications Standards Institute, Aug. 1997.Google Scholar
  10. 10.
    ETSI. Digital Video Broadcasting (DVB); Framing structure, channel coding and modulation for cable systems (EN 300 429 V1.2.1). European Telecommunications Standards Institute, Apr. 1998.Google Scholar
  11. 11.
    ETSI. Digital Video Broadcasting (DVB); Framing structure, channel coding and modulation for digital terrestrial television (EN 300 744 V1.6.1). European Telecommunications Standards Institute, Jan. 2009.Google Scholar
  12. 12.
    ETSI. Digital Video Broadcasting (DVB); Multimedia Home Platform (MHP) Specification 1.2.2 (TS 102 727 V1.1.1), Jan. 2010.Google Scholar
  13. 13.
    ETSI. Digital Video Broadcasting (DVB); Signalling and carriage of interactive applications and services in Hybrid broadcast/broadband environments (TS 102 809 V1.1.1). European Telecommunications Standards Institute, Jan. 2010.Google Scholar
  14. 14.
    ETSI. Hybrid Broadcast Broadband TV (TS 102 796 V1.1.1). European Telecommunications Standards Institute, June 2010.Google Scholar
  15. 15.
    ETSI. Digital Video Broadcasting (DVB); Implementation guidelines for DVB terrestrial services; Transmission aspects (TR 101 190 V1.3.2). European Telecommunications Standards Institute, May 2011.Google Scholar
  16. 16.
    ETSI. Hybrid Broadcast Broadband TV (TS 102 796 V1.2.1). European Telecommunications Standards Institute, Nov. 2012.Google Scholar
  17. 17.
    ETSI. MHEG-5 Broadcast Profile (ES 202 184 V2.3.1). European Telecommunications Standards Institute, Jan. 2013.Google Scholar
  18. 18.
    ETSI. Digital Video Broadcasting (DVB); Specification for the use of Video and Audio Coding in Broadcasting Applications based on the MPEG-2 Transport Stream (TS 101 154 V2.1.1). European Telecommunications Standards Institute, Mar. 2015.Google Scholar
  19. 19.
    W. Fischer. Digital Video and Audio Broadcasting Technology. Springer, Heidelberg, 3rd edition, 2010.CrossRefGoogle Scholar
  20. 20.
    J. Fritz. Satellite hacking: A guide for the perplexed. Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies, 10(1):3, 2013.
  21. 21.
    M. Ghiglieri, F. Oswald, and E. Tews. HbbTV – I know what you are watching. In 13. Deutscher IT-Sicherheitskongress. SecuMedia Verlags-GmbH, May 2013.Google Scholar
  22. 22.
    M. Ghiglieri and E. Tews. A privacy protection system for HbbTV in Smart TVs. In 11th Consumer Communications and Networking Conference (CCNC), pages 357–362. IEEE, Jan. 2014.Google Scholar
  23. 23.
    HbbTV Association. ETSI TS 102 796 V1.2.1 Errata 2, Aug. 2014.
  24. 24.
    HbbTV Association. Hbbtv 2.0 specification. Feb. 2015.
  25. 25.
  26. 26.
    HbbTV Forum Nederland. Specification for use of HbbTV in the Netherlands Version 1.0.
  27. 27.
    M. Herfurt. Security concerns with HbbTV. Blog post, Martin Herfurt’s Blog, June 2013.
  28. 28.
    ISO/IEC. Information technology - Generic coding of moving pictures and associated audio information - Part 3: Audio (13818–3:1998), Apr. 1998.Google Scholar
  29. 29.
    ISO/IEC. Information technology - Generic coding of moving pictures and associated audio information - Part 1: Systems (13818–1:2013), June 2013.Google Scholar
  30. 30.
    ISO/IEC. Information technology - Generic coding of moving pictures and associated audio information - Part 2: Video (13818–2:2013), Oct. 2013.Google Scholar
  31. 31.
    ITU. Planning criteria, including protection ratios, for digital terrestrial television services in the VHF/UHF bands (Recommendation ITU-R BT.1368-12). International Telecommunications Union, Feb. 2015.Google Scholar
  32. 32.
    T. Klein. A Bug Hunter’s Diary. A Guided Tour Through the Wilds of Software Security. No Starch Press, 1st edition, Nov. 2011.Google Scholar
  33. 33.
  34. 34.
    U. Meyer and S. Wetzel. On the impact of GSM encryption and man-in-the-middle attacks on the security of interoperating GSM/UMTS networks. In 15th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC), volume 4, pages 2876–2883. IEEE, 2004.Google Scholar
  35. 35.
    B. Michéle and A. Karpow. Watch and be watched: Compromising all Smart TV generations. In Proceedings of the 11th Consumer Communications and Networking Conference (CCNC), pages 351–356. IEEE, Jan. 2014.Google Scholar
  36. 36.
    Open IPTV Forum. Open IPTV Forum Release 1 Specification Volume 5 – Declarative Application Environment V1.2, Sept. 2012.Google Scholar
  37. 37.
    Y. Oren and A. D. Keromytis. From the aether to the ethernet - Attacking the Internet using broadcast digital television. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security ’14), San Diego, CA, Aug. 2014. USENIX Association.Google Scholar
  38. 38.
    C. Perez-Vega, J. L. García, and J. M. L. Higuera. A simple and efficient model for indoor path-loss prediction. Measurement Science and Technology, 8(10):1166–1173, 1997.Google Scholar
  39. 39.
    A. Perrig and J. D. Tygar. Secure Broadcast Communication. In Wired and Wireless Networks. Springer, 2003.CrossRefGoogle Scholar
  40. 40.
    C. Pérez-Vega and J. L. García. Frequency behavior of a power-law path loss model. In Proceedings of the 10th Microcoll, Budapest, Hungary, Mar. 1999.Google Scholar
  41. 41.
    T. S. Rappaport. Wireless Communications: Principles and Practice. Prentice Hall Communications Engineering and Emerging Technologies Series. Prentice Hall PTR, 2nd edition, 2002.Google Scholar
  42. 42.
    U. Reimers, editor. DVB - Digitale Fernsehtechnik. Datenkompression und Übertragung. Springer, 3rd edition, 2008.Google Scholar
  43. 43.
    B. Schneier. Secrets & Lies: Digital Security in a Networked World. Wiley, New York, 1st edition, 2000.Google Scholar
  44. 44.
    S. Y. Seidel, T. S. Rappaport, S. Jain, M. L. Lord, and R. Singh. Path loss, scattering and multipath delay statistics in four European cities for digital cellular and microcellular radiotelephone. Vehicular Technology, IEEE Transactions on, 40(4):721–730, 1991.CrossRefGoogle Scholar
  45. 45.
    SevenOne Media. Connected TV reach May 2015., June 2015.
  46. 46.
    Small Media. Satellite jamming in Iran: A war over airwaves. Nov. 2012.
  47. 47.
    Task Force DVB-T Deutschland von ARD und ZDF, Institut für Rundfunktechnik München. Sender- und Programmliste Deutschland., Aug. 2014.
  48. 48.
    TNS Infratest. Digitalisierungsbericht 2014: Daten und Fakten. Technical report, Die Medienanstalten, July 2014.
  49. 49.
    E. J. Tozer, editor. Broadcast Engineer’s Reference Book. Focal Press, 2004.Google Scholar
  50. 50.
    C. P. Williams. Explorations in Quantum Computing. Texts in Computer Science. Springer, 2010.zbMATHGoogle Scholar
  51. 51.
    World Wide Web Consortium.

Copyright information

© The Author(s) 2015

Authors and Affiliations

  1. 1.Security in TelecommunicationsTechnische Universität BerlinBerlinGermany

Personalised recommendations