This week's Understanding Network assignment is to do packet sniffing on a network. I tested both Herbivore and Wireshark. For me, Herbivore is more user friendly, because it's very straightforward, but with Wireshark I could analyze more stuff (even though I was really overwhelmed by the data). I used Herbivore first to see all the devices connected to my router at home.
I looked into each device, and I found some suspicious data. Most of the packets were encrypted (there was a lock icon on them), but packets to/from api-global.netflix.com were not encrypted.
I was really curious why this happened. Then I used Wireshark to analyze the packets in more detail. First of all, I was very overwhelmed by all the data shown in Wireshark. But Wireshark has a filter feature to narrow down the results. I believed that the unencrypted packets ran over HTTP, since it's not secure. So, I filtered for only the HTTP protocol.
I realized that that IP address referred to my Roku Smart TV. I got more curious about it. First of all, why doesn't the Roku Smart TV use HTTPS? I tried to dig deeper into the packet. It gave me this information, including the eXtensible Markup Language (XML) data.
In the XML data, I noticed that Roku uses the DIAL protocol. DIAL (Discovery and Launch) is the network protocol used for these second-screen features, and it is a standard developed jointly by Google and Netflix. DIAL gives second-screen devices (phones, laptops) a way to quickly locate first-screen devices (TVs) on the local network and to launch and control programs (apps) on those devices.
Meaning, the Roku TV (first screen) can be controlled by any device acting as a second screen that knows its IP address. I'm not exactly sure how it works, but I wonder if a controlling device that can send a DIAL broadcast can basically control any Roku TV. Even though this might not show how a person can get sensitive data (for example a username, password, or credit card number), it shows that the TV can be controlled by someone else, like using a remote control from a distance. This actually creeped me out even more, because there might be a chance that there's an intruder lurking nearby or spying on you through the set.
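To make the DIAL discovery exchange from the two paragraphs above concrete, here is an added example (not code from the original post, and not Roku's or Netflix's own software). DIAL discovery runs over SSDP: the second-screen device multicasts an M-SEARCH for the DIAL service type, and each first-screen device answers with a LOCATION header pointing at its UPnP device description XML. The script parses one such response and the XML it points to, and records what a defender doing a home-network inventory would want to know: the device's name and model, whether it really advertises the DIAL service, whether the description URL is plain HTTP, and whether the UUID in the XML matches the USN in the SSDP reply. Both samples are constructed; the 192.0.2.10 address, the all-zero UUID and the "ExampleCo" names are hypothetical.

```python
"""Parse a DIAL (SSDP + UPnP) discovery exchange for a home-network device inventory."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict

# The service type a DIAL second screen searches for and a DIAL TV answers with.
DIAL_SERVICE_TYPE = "urn:dial-multiscreen-org:service:dial:1"
UPNP_NS = {"u": "urn:schemas-upnp-org:device-1-0"}

# Constructed SSDP M-SEARCH response (hypothetical address and UUID; not a capture).
SAMPLE_SSDP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "ST: urn:dial-multiscreen-org:service:dial:1\r\n"
    "USN: uuid:00000000-0000-0000-0000-000000000001::urn:dial-multiscreen-org:service:dial:1\r\n"
    "LOCATION: http://192.0.2.10:8060/dial/dd.xml\r\n"
    "SERVER: Linux UPnP/1.0 ExampleCo/1.0\r\n"
    "\r\n"
)

# Constructed UPnP device description, i.e. what LOCATION above would return.
SAMPLE_DEVICE_DESCRIPTION = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <specVersion><major>1</major><minor>0</minor></specVersion>
  <device>
    <deviceType>urn:dial-multiscreen-org:device:dial:1</deviceType>
    <friendlyName>Living Room TV</friendlyName>
    <manufacturer>ExampleCo</manufacturer>
    <modelName>Example Streaming Stick</modelName>
    <UDN>uuid:00000000-0000-0000-0000-000000000001</UDN>
  </device>
</root>
"""


def parse_ssdp_headers(response: str) -> Dict[str, str]:
    """Return the headers of an SSDP (HTTP-style) response with lowercased names.

    The status line is skipped. Only the first ':' separates name from value, so
    values that themselves contain ':' (URLs, USNs) are kept intact.
    """
    headers: Dict[str, str] = {}
    for line in response.split("\r\n")[1:]:
        if not line.strip():
            continue  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_device_description(xml_text: str) -> Dict[str, str]:
    """Extract the identifying fields from a UPnP device description document."""
    root = ET.fromstring(xml_text)
    device = root.find("u:device", UPNP_NS)
    if device is None:
        raise ValueError("device description has no <device> element")
    fields = {}
    for name in ("deviceType", "friendlyName", "manufacturer", "modelName", "UDN"):
        el = device.find(f"u:{name}", UPNP_NS)
        fields[name] = el.text.strip() if el is not None and el.text else ""
    return fields


@dataclass
class DialDevice:
    friendly_name: str
    manufacturer: str
    model: str
    location: str
    is_dial: bool          # advertises the DIAL service type in ST
    plaintext_http: bool   # description (and thus the DIAL endpoint) is served over http://
    udn_matches_usn: bool  # UUID in the XML agrees with the USN in the SSDP reply


def describe_device(ssdp_response: str, description_xml: str) -> DialDevice:
    """Combine the SSDP reply and the device description into one inventory record."""
    headers = parse_ssdp_headers(ssdp_response)
    desc = parse_device_description(description_xml)
    location = headers.get("location", "")
    usn = headers.get("usn", "")
    return DialDevice(
        friendly_name=desc["friendlyName"],
        manufacturer=desc["manufacturer"],
        model=desc["modelName"],
        location=location,
        is_dial=headers.get("st") == DIAL_SERVICE_TYPE,
        plaintext_http=location.lower().startswith("http://"),
        udn_matches_usn=bool(desc["UDN"]) and usn.startswith(desc["UDN"]),
    )


def finding(dev: DialDevice) -> str:
    """One line a defender would record about this device."""
    transport = "plain HTTP" if dev.plaintext_http else "HTTPS"
    dial = "DIAL-capable" if dev.is_dial else "not DIAL"
    return f"{dev.friendly_name} ({dev.manufacturer} {dev.model}): {dial}, description over {transport} at {dev.location}"


if __name__ == "__main__":
    print(finding(describe_device(SAMPLE_SSDP_RESPONSE, SAMPLE_DEVICE_DESCRIPTION)))
```

Because DIAL discovery is designed to answer any host on the same LAN, the practical mitigation for the worry above is network placement rather than a setting on the TV: putting streaming devices on a separate guest or IoT network keeps laptops and phones you do not control from reaching the discovery and launch endpoints at all.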
I believe there's a lot more to be learned from the DIAL protocol. Someone skilled in computer architecture might be able to decompile the application further and find an exploit. Someone knowledgeable about cryptographic signatures might make more progress with a man-in-the-middle attack.