What You See is Not What You Get

a Man-in-the-Middle Attack Applied to Video Channels

Conference paper (2022)

Authors

M. Conti Università degli Studi di Padova

Eleonora Losiouk Università degli Studi di Padova

Alessandro Visintin Università degli Studi di Padova

Affiliation

External organisation

HDMI Man-in-the-middle attack Video channel communication protocols

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:8fae4c99-c4dc-48bb-8242-836029d74ed5

Published Date

2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Affiliation

External organisation

Abstract

People usually think that digital screens are reliable devices. Unfortunately, attackers can exploit this blind trust to persuade a user to perform unintended actions. In this paper, we present a novel type of Man-in-the-Middle attack named Man-in-the-Video. Man-in-the-Video intercepts the video stream flowing between a computer and its screen and modifies it on-the-fly. The objective of such attack is to distort the perception of reality and to induce improper user behaviour. We implemented HackDMI, a Man-in-the-Video attack performed over an HDMI cable. We applied this attack to a realistic threat scenario (i.e., phishing) and we evaluated it with quantitative measures. HackDMI is able to deceptively modify a 720p video stream, while maintaining a frame-rate of 14FPS. We also recorded three demo videos for qualitative evaluation.