
IR DoS: Wake Up! January 13, 2008

Posted by fvter in Security, Technology.

A lot of virtual ink has flowed over Gizmodo’s confession regarding the stunt they pulled with the TV-B-Gone utility, with most of the recent articles describing it as anything from unprofessional to a crime. Now before I continue, I would like to make a small disclaimer: «I don’t condone what happened, don’t approve of it and certainly would not recommend this be done».

What Gizmodo pulled demonstrates a very basic DoS (denial of service) attack. The DoS is achievable because of the ease with which it is possible to obtain the right control codes. The prime issues are that most of these systems work with «open» and well documented standards (e.g. many manufacturers always use the same code for turning off their devices, thus a controller from one manufacturer is able to turn off different devices from that same manufacturer), as well as a primal flaw in the security of wireless communications protocols. TV-B-Gone, like a universal remote, works on the premise that it is easy to learn, store and replay a remote control’s IR sequences. These sequences are equal to the codes that control the target device.

So where is the problem? The receiving device does not validate the issuer. The receiver is in fact in an open listen mode, thus any IR sequence that is correctly formatted and contains the right code will activate the associated command. There is no handshaking or confirmation between the receiver and the emitter.

In their DoS attack, Gizmodo demonstrated that this one-way command issuance process is in fact a big security flaw, one that could be avoided by not using such an open unidirectional protocol. Manufacturers could avoid openness through simple methods such as encrypting the protocol, using a handshake protocol, using a knocking protocol or some other form of authentication between the transmitter and the receiver.
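As an added example (not part of the original post), here is one possible form of transmitter authentication that still works over a one-way link: a rolling counter plus a truncated HMAC, checked by the receiver. The command code, shared key, 13-byte frame layout and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

POWER_OFF = 0x0C           # constructed command code, not a real manufacturer code
KEY = b"pairing-key-demo"  # constructed shared key, assumed set when remote and TV are paired

class OpenReceiver:
    """Receiver as the post describes it: any well-formed frame with the right code runs."""
    def receive(self, frame: bytes) -> bool:
        return frame == bytes([POWER_OFF])

class Remote:
    """One-way sender: command + rolling counter + truncated HMAC tag (hypothetical layout)."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def send(self, command: int) -> bytes:
        self.counter += 1
        body = struct.pack(">BI", command, self.counter)
        return body + hmac.new(self.key, body, hashlib.sha256).digest()[:8]

class AuthReceiver:
    """Accepts a frame only if the tag verifies and the counter moves forward."""
    WINDOW = 16  # tolerate button presses the receiver never saw
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def receive(self, frame: bytes) -> bool:
        if len(frame) != 13:
            return False                      # not in the authenticated format
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # sender does not hold the key
        _, counter = struct.unpack(">BI", body)
        if not self.last < counter <= self.last + self.WINDOW:
            return False                      # replayed or stale frame
        self.last = counter
        return True

def demo() -> dict:
    remote, tv = Remote(KEY), AuthReceiver(KEY)
    frame = remote.send(POWER_OFF)            # one frame as it would appear on the air
    return {
        "open_accepts_known_code": OpenReceiver().receive(bytes([POWER_OFF])),
        "auth_accepts_paired_remote": tv.receive(frame),
        "auth_rejects_replayed_frame": not tv.receive(frame),
        "auth_rejects_wrong_key": not tv.receive(Remote(b"other-key").send(POWER_OFF)),
    }
```

The counter window is the trade-off the post goes on to mention: it costs the receiver stored state and a pairing step in exchange for rejecting learned-and-replayed sequences.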

Unfortunately this then becomes a debate between security, complexity, cost to produce and return on investment. This attack may actually wake manufacturers up and make them decide to address this flaw! To demonstrate how serious this can eventually get, it appears a kid in Poland managed to crash the trams with an IR hack.


