Vulnerability Development mailing list archives

(stupid one) physical security of remotes?


From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Fri, 9 Dec 2005 19:28:16 +0100 (CET)

Now, I have this ridiculous question about a topic that is not strictly
infosec-ish (at least not historically); still, this is probably the best
place to ask, so I'll go ahead...

It's not terribly important, but got me wondering while I was doing
research on something just remotely related to that topic.

The question is: has anyone at least semi-comprehensively researched and
reported on the potential for abuse of infrared remote control
communications in cable TV set-tops and various other appliances of this
nature?

Yeah, it is well-known and well-documented that various harmless pranks -
such as turning the device on or off - can be played with universal
remotes or computer-controlled transmitters (including high-output hacks
that could work over considerable distances, with no line-of-sight). In
fact, there are commercial products trying to capitalize on this
possibility [http://www.thinkgeek.com/gadgets/electronic/755e/].

What I couldn't find are reliable discussions of the opportunities for
going beyond mere annoyance - by causing actual financial harm or legal
trouble to single victims or entire communities. It's easy to think of
such attack scenarios, e.g.: a) in many hotels and using some set-top
boxes, it is possible to automatically order PPV or request other paid
services and have the customer automatically charged a hefty fee he'd have
a real hard time fighting off; b) more advanced digital TV boxes can be
reconfigured or even locked out to prevent use by owners; c) media center
appliances let you send out mails or attack websites (whoop!).

Granted, (a) in non-hotel situations can be mitigated by PIN requests, but
just how many people configure any PINs on set-top boxes, unless they have
unruly kids...

I also couldn't find any information on efforts to remediate this, even
though many similar technologies had their flaws addressed in the meantime
(replay attacks on wireless car / garage entry, proximity card replay
attacks, snooping of wireless phones, networks, random Bluetooth pairing,
RF keyboard attacks, etc).

I know there must be some anecdotal mentions of hotel PPV attacks, of
"heard something like that on CCC congress" variety - but have you seen
anything that indicates that vendors of such technologies are aware of
abuse potential, and did something (or dismissed the threat)?

Or is it really something that went unnoticed by the mainstream for all
these years? If anything, even if such attacks never occur to real people,
this would be a great way to duck your way out of the court - "but judge,
it wasn't me who sent out all these nastygrams from my nifty XP Media
Center gizmo!".

Mind you, I do not mean to claim this is a serious threat, nor a unique
one. I'm just curious, and surprised I couldn't Google anything up.

Cheers,
-- 
--------------------------- bash$ :(){ :|:&};: --
   Michal Zalewski * [http://lcamtuf.coredump.cx]
Don't look back, the lemmings are gaining on you!
----------------------------- 2005-12-09 18:27 --

       http://lcamtuf.coredump.cx/silence/


