Modern smart TVs often communicate with their remote controls (including
smartphone-simulated ones) using multiple wireless channels (e.g.,
Infrared, Bluetooth, and Wi-Fi). However, this multi-channel remote control
communication introduces a new attack surface. An inherent security flaw is
that remote controls of most smart TVs are designed to work in a benign
environment rather than an adversarial one, and thus wireless communications
between a smart TV and its remote controls are not strongly protected.
Attackers could leverage this flaw to abuse the remote control communication
and compromise smart TV systems. In this paper, we propose EvilScreen, a novel
attack that exploits ill-protected remote control communications to access
protected resources of a smart TV or even control the screen. EvilScreen
exploits a multi-channel remote control mimicry vulnerability present in today's
smart TVs. Unlike other attacks, which compromise the TV system by exploiting
code vulnerabilities or malicious third-party apps, EvilScreen directly reuses
commands of different remote controls, combines them together to circumvent
deployed authentication and isolation policies, and finally accesses or
controls TV resources remotely. We evaluated eight mainstream smart TVs and
found that they are all vulnerable to EvilScreen attacks, including a Samsung
product adopting the ISO/IEC security specification.