Guangwei Tian, Jiongyi Chen, Kailun Yan, S. Yang, Wenrui Diao
Title: Cast Away: On the Security of DLNA Deployments in the SmartTV Ecosystem
Venue: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)
Publication date: 2022-12-01
DOI: 10.1109/QRS57517.2022.00021 (https://doi.org/10.1109/QRS57517.2022.00021)
Citation count at indexing: 0
Abstract
The casting service on SmartTV has been increasingly used for home entertainment and business, given the convenience offered in media broadcast and screen sharing. Among the underlying protocols that support TV cast, DLNA (Digital Living Networking Alliance) – established by a group of tech giants – has become a prevailing standard in the consumer market. Although DLNA has been on the market for years, concerns may arise about whether its real-world deployment has been clearly understood. In this work, we systematically evaluate the security of DLNA deployments in the SmartTV ecosystem. Specifically, we identify a series of critical security issues in the interactions between SmartTVs and casting apps on the smartphone, ranging from non-mandatory encryption to unauthorized file access. The identified security risks can be exploited by a malicious app on the victim's phone, without requesting sensitive permissions, to launch multiple attacks, including arbitrary command execution, data theft, MITM (man-in-the-middle) attack, and DoS (denial-of-service) attack. To measure the impact of the identified security issues, we designed semi-automated analysis solutions to facilitate the measurements and conducted real-world experiments on 10 on-shelf TV boxes. The results show that most DLNA implementations of products and apps in the wild are insecure. In the end, we provide immediate improvement solutions to mitigate the identified security issues.