Threats and Limitations of Terrestrial Broadcast Attacks

The DVB standard does not mandate the use of authentication and integrity protection for transport streams. This allows malicious third parties to replace legitimate broadcasts by overpowering terrestrial transmissions. The rogue signal can then deliver a malicious broadcast stream to exploit security vulnerabilities on Smart TVs (STVs) in range. We implemented a proof-of-concept attack based on a malicious Hybrid Broadcast Broadband TV app, able to acquire permanent system-level access to an STV over the air, in less than 10 s. These attacks, however, are severely limited in range due to required co-channel protection ratios (CCPRs), which is in direct contradiction to previous publications. We present evidence for these limitations in form of laboratory experiments, extensive simulations, and field measurements. To this end, we developed an automated, low-cost method for CCPR determination, as well as a method for non-disruptive attack range measurements based on a gap filler and the resulting channel impulse response.