EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry
Modern smart TVs often communicate with their remote controls (including the smartphone simulated ones) using multiple wireless channels (e.g., Infrared, Bluetooth, and Wi-Fi). However, this multi-channel remote control communication introduces a new attack surface. An inherent security flaw is that...
Saved in:
Main Authors: | , , , , , |
---|---|
Format: | text |
Language: | English |
Published: |
Institutional Knowledge at Singapore Management University
2024
|
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/9612 https://ink.library.smu.edu.sg/context/sis_research/article/10612/viewcontent/EvilScreen_av.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-10612 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-106122024-11-23T15:52:15Z EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry ZHANG, Yiwei MA, Siqi CHEN, Tiancheng LI, Juanru DENG, Robert H. BERTINO, Elisa Modern smart TVs often communicate with their remote controls (including the smartphone simulated ones) using multiple wireless channels (e.g., Infrared, Bluetooth, and Wi-Fi). However, this multi-channel remote control communication introduces a new attack surface. An inherent security flaw is that remote controls of most smart TVs are designed to work in a benign environment rather than an adversarial one, and thus wireless communications between a smart TV and its remote controls are not strongly protected. Attackers can leverage such a flaw to abuse the remote control communication and compromise smart TV systems. In this paper, we propose EvilScreen, a novel attack that exploits ill-protected remote control communications to access protected resources of a smart TV or even control the screen. EvilScreen exploits a multi-channel remote control mimicry vulnerability present in today smart TVs. Unlike other attacks, which compromise the TV system by exploiting code vulnerabilities or malicious third-party apps, EvilScreen directly reuses commands of different remote controls, combines them together to circumvent deployed authentication and isolation policies, and finally accesses or controls TV resources remotely. We evaluated eight mainstream smart TVs and found that they are all vulnerable to EvilScreen attacks, including a Samsung product adopting the ISO/IEC security specification. 2024-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9612 info:doi/10.1109/TDSC.2023.3286182 https://ink.library.smu.edu.sg/context/sis_research/article/10612/viewcontent/EvilScreen_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Smart TV remote control multi-channel authentication and authorization security analysis Graphics and Human Computer Interfaces Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Smart TV remote control multi-channel authentication and authorization security analysis Graphics and Human Computer Interfaces Information Security |
spellingShingle |
Smart TV remote control multi-channel authentication and authorization security analysis Graphics and Human Computer Interfaces Information Security ZHANG, Yiwei MA, Siqi CHEN, Tiancheng LI, Juanru DENG, Robert H. BERTINO, Elisa EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry |
description |
Modern smart TVs often communicate with their remote controls (including the smartphone simulated ones) using multiple wireless channels (e.g., Infrared, Bluetooth, and Wi-Fi). However, this multi-channel remote control communication introduces a new attack surface. An inherent security flaw is that remote controls of most smart TVs are designed to work in a benign environment rather than an adversarial one, and thus wireless communications between a smart TV and its remote controls are not strongly protected. Attackers can leverage such a flaw to abuse the remote control communication and compromise smart TV systems. In this paper, we propose EvilScreen, a novel attack that exploits ill-protected remote control communications to access protected resources of a smart TV or even control the screen. EvilScreen exploits a multi-channel remote control mimicry vulnerability present in today smart TVs. Unlike other attacks, which compromise the TV system by exploiting code vulnerabilities or malicious third-party apps, EvilScreen directly reuses commands of different remote controls, combines them together to circumvent deployed authentication and isolation policies, and finally accesses or controls TV resources remotely. We evaluated eight mainstream smart TVs and found that they are all vulnerable to EvilScreen attacks, including a Samsung product adopting the ISO/IEC security specification. |
format |
text |
author |
ZHANG, Yiwei MA, Siqi CHEN, Tiancheng LI, Juanru DENG, Robert H. BERTINO, Elisa |
author_facet |
ZHANG, Yiwei MA, Siqi CHEN, Tiancheng LI, Juanru DENG, Robert H. BERTINO, Elisa |
author_sort |
ZHANG, Yiwei |
title |
EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry |
title_short |
EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry |
title_full |
EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry |
title_fullStr |
EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry |
title_full_unstemmed |
EvilScreen attack: Smart TV hijacking via multi-channel remote control mimicry |
title_sort |
evilscreen attack: smart tv hijacking via multi-channel remote control mimicry |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2024 |
url |
https://ink.library.smu.edu.sg/sis_research/9612 https://ink.library.smu.edu.sg/context/sis_research/article/10612/viewcontent/EvilScreen_av.pdf |
_version_ |
1816859160689508352 |