HbbTV (Hybrid broadband broadcast TV) is an emerging standard that is implemented in a growing number of smart TV devices. The idea is to bundle broadcast media content with online content which can be retrieved by the TV set through an Internet connection.
Mechanisms that allow the online content to be accessed by the TV set can be attacked and might put the TV user’s privacy at stake. The presentation highlights possible attack vectors of HbbTV-capable TV sets and introduces possible mitigations.
The Hybrid Broadcast Broadband TV consortium aims to define a standardized way on how content from so-called entertainment providers (e.g. broadcast stations, online media providers) is delivered on connected TVs. Starting as a Pan-European effort, the HbbTV consortium wants to create a globally adopted standard for hybrid entertainment services. Especially within the so-called Declarative Application Environment (DAE) – the HbbTV browser – another standard for connected TVs is being adopted: The Open IPTV Forum standard for Internet protocol TVs (IPTV). This standard seems to cover the device-specific part for Internet functionality.
This new standard in the entertainment industry is currently rolled out in an increasing number of countries in- and outside of Europe. Besides concerns about privacy, this technology also raises concerns about security. Possible attack vectors and possible mitigations are introduced in this presentation.