HbbTV takes security very seriously. Security researchers who wish to disclose vulnerability in an HbbTV specification should contact firstname.lastname@example.org in order to enable a constructive engagement. Vulnerabilities associated with a specific manufacturer’s implementation of HbbTV should be reported to the manufacturer concerned but HbbTV can assist in facilitating this.
Tampering with the broadcast transmissions is currently an area of interest for security researchers. Whilst HbbTV does not define the specifications for broadcast transmission, we take this topic very seriously and work actively with the other standards organisations responsible such as the DVB project on such matters, as well as making revisions to our own specifications to protect users. Further relevant Information.
HbbTV Association Policy on Trust and Security
The HbbTV Association is committed to improving the security of services provided using HbbTV technology. The following policy guides HbbTV’s work:
- HbbTV will create a comprehensive set of specifications and guidelines that addresses security threats relevant to HbbTV. As new security threats appear, the HbbTV specifications will adopt countermeasures to these.
- The HbbTV Association in itself cannot act as a guarantor for the security of HbbTV services used in any given market as the security of any HbbTV deployment is reliant on the correct implementation of the HbbTV specifications (across the value chain from content provider to CE manufacturer) plus other elements of general internet and broadcast security that are outside the scope of the HbbTV specifications.
This means that, whilst it is entirely possible to build an end-to-end system based on HbbTV that consumers can use safely (e.g. for commercial transactions), neither the HbbTV Association nor its specifications can be the sole factor in determining the integrity of HbbTV deployments.