Convergence of Artificial Intelligence, Cybersecurity, and Broadcasting: Understanding a New Way of Looking at a Legacy Service

Henry Anthony McKelvey

Abstract – The convergence of Artificial Intelligence (AI), Cybersecurity, and Broadcasting represents a transformative juncture in multimedia. The forces driving this multidisciplinary synergy are technological advancements reshaping content creation, delivery, and protection. The author will discuss the implications of convergence, analyzing its impact on content production, distribution, and the evolving threat landscape, including customer premises, broadcaster networks, and vendor networks. As broadcasters increasingly rely on AI-driven content production, they must bolster cybersecurity to protect their media and business assets. In addition, customers must be aware of utilizing the existing protection provided by their intelligent televisions. Broadcasters may leverage AI and associated technologies to analyze viewer preferences and behavior, optimizing content curation and delivery.

Strong cybersecurity measures are necessary to protect broadcast infrastructure (classified as critical infrastructure by DHS), safeguard viewers’ personal information, and maintain trust in the broadcasting industry. The evolving threat agent landscape further complicates the cybersecurity presence in broadcasting. As AI-driven technologies become integral to media operations, they become attractive targets for malicious actors. Cyberattacks on media organizations, including ransomware, data breaches, and content manipulation, have surged recently. In conclusion, the convergence of AI, Cybersecurity, and Broadcasting is reshaping the media ecosystem. AI-powered content creation and distribution offer new creative possibilities and business models, while cybersecurity becomes paramount to protect against emerging threats.

The Past: Televisions Were Televisions, and Computers Were Computers (A Little History from Broadband and Broadcasting)

Twenty to thirty years ago, when you talked about firewalls and the need to protect network assets, no one would have imagined that you would one day be referencing your home TV as one of those network devices because Televisions functioned in one of two ways, you either get your signal Over The Air (OTA) or Over The Top (OTT) using a set-top box [1]. Very few people had in mind that streaming video onto your Television was a thing to do. The streaming of video over the network in a faster and more robust way is made possible through the Internet and various groups studying multicast technologies such as Multicast Backbone (MBONE) and high-speed data transfer networks such as the Advanced Technology Demonstration Network (ATDNet), and Multi-wave Optical Network (MONet) [2]. Most of the video and audio used in these cases were from live or canned client/server arrangements far from Television. Figure 1 shows the layout of the ATDNet and MONet networks, which transmitted high bandwidth broadband, Multicast-Backbone (MBONE) video and audio, and Department of Defense traffic [2].

However, it was from this starting point that the theories behind what is happening now started. When ATSC1.0 was approved in the United States in 2008 and implemented on June 12, 2009 [3], the game changed; you now had Digital TV being transmitted to homes in the US, and suddenly, you had people thinking about using the airwaves and wireless-based networks to allow mass transmissions of digital signals (possibly IP-Based, or as the telecommunications industry called it Packet Switched Data).

Eventually, this was one of the ways experts and researchers realized Digital TV had limitations and that networks would be very unforgiving of these limitations; these dealt with timing, framing, and signal spacing issues. At that time, people had to settle for having a Digital TV Set and a computer in their homes.

The advent of the genuinely non-NTSC (ATSC 1.0) Television opened the possibility of Digital Televisions and the control circuits for such a Television as alleged in US Patent No: 856681B2. The patent authors asserted that Digital TVs can be diagnosed and controlled via a network-based connection [4]. The use of networked controlled Televisions moved the TV and the PC closer together in that they were now sharing the same network (Figure 3) and separated by goal and purpose. The Television remained a television, and the computer remained a computer. Below is an example of an ATSC1.0 Broadcast TV Network:

The Present: Televisions/Computers

Today, we are looking at TV/computer hybrids. These hybrids require software updates and resemble how an all-in-one computer functions: TVs now have Operating Systems with utilities and can run applications. At this point, the TV has become a network element in the way that computers, switches, bridges, and routers are network elements. The typical network infrastructure for ISP Delivered TV looks like the following:

As shown in Figure 3, the Smart TV and the computer can now share the same IP network and receive network-based protocols such as TCP, ICMP, SCP, SSH, and other network protocols. The point is that, at this juncture, the separation no longer exists between the TV and the computer. The Modern Television is now a fully functional Computer that can receive application, utility, and Operating System updates and upgrades. In many cases, it can also allow the side loading of applications by users/consumers. In addition, ATSC-3.0 and IPTV systems dongles allow Computer monitors to act as viewing screens. These ATSC-3.0 and IPTV systems dongles are embedded computer systems that enable running Linux-like operating systems (WebOS, Google TV, Android TV, Kodi, and others). The fascinating thing about these systems is that they are the future of Television; you can say that the day of Television as a system separated from computers and networks has been over for quite some time, and the Computer/Television hybrid is a reality. Figure 4. Gives a sense of perspective to the use of computer networking in the control and display of modern Television units and embodiments thereof: [4]

In Figure 4 are the control mechanisms for an embedded system within the Smart TV which is network accessible; the system pictured here in Figure 4 may not be the exact embedded system that appears in Smart Televisions, the observation of the functionality of the embedded systems from modern embedded systems; therefore, the drawing displayed in Figure 4 may not be 100% accurate in form, but the functionality and substance of purpose is present. The external Testing Network shows that accessing a Television from a network is possible and thus may be susceptible to network attacks like other network-based entities.

While there are firewalls installed in modern Televisions, there is some question about these firewalls being able to stand up to and sustain an attack from within and outside the network. Quoting CISO John McClure of Sinclair, Inc., “Modern TVs may have firewalls and some basic protections, but we know these devices will not always be sufficiently hardened against modern and evolving threats. Additionally, they are normally run on the same segment as other devices in someone’s home – which may include computers, security alarms, cars, and even medical devices. So, the risks are not simply what is being transmitted between broadcaster and consumer but much greater“.

For now, the Consumer Equipment manufacturers are the sole party responsible for the abilities of the firewalls and their configuration since the testing of such has not been the purview of the Broadcasters and their test facilities. The viewpoint, as mentioned earlier, is somewhat shortsighted because now, with the Broadcasters wanting to develop network-facing assets, the assurance of firewall protection becomes a must for Broadcasters and needed security testing on Televisions will have to eventually follow with ATSC-3.0 dongles and other devices that are now to be assumed as network facing.

The Possibility of Attack: Television and Network Devices.

As stated, the modern Television is now a network device and should allow for networked system testing to occur with the device. The testing includes supporting and testing the device’s security features along with its Internet connectivity visual and aural functions. As is practiced in Broadband, security is an essential factor before devices go to market, or at least it should be; this is because once an attack vector is known, their threat actors will go on the offensive and start attacking your network. The Smart TV is no exception to the rule; the Smart TV, like any other network device, must be considered a possible target, victim, or perpetrator of a cyber-attack. A threat actor may deliver a direct assault against the television device through a phishing attack launched inside the home network due to the customers clicking on a link or activating an event. Network breaches of this type are prevalent and are used by threat actors because of the great success of such attacks. Once a threat actor has gained access, scanning for specific network elements is the usual procedure. These scans are an attempt to understand the target’s network’s layout and determine what devices are housed on the target’s network.

The common determiner of network elements is, as stated by a Port Scan, port scans executed are from a Network Port Analyzer, also referred to as a network scanner. One such device is Network Mapper, or Nmap for short. The phishing attack may deliver a payload. In turn, that payload would look for the scanning program on your system, or as I once demonstrated in a class, the phishing attack may ask you to load it under a pseudonym. This attack has worked on people unfamiliar with network attacks and network scanning software. The phishing attack may even allow threat actors to enter and download the software onto your computer system. Many have fallen prey to this type of attack. One such attachment that I proposed is one where a person answers a phishing email that loads a scanner bot (a bot is a script that carries out a specific task); the scanner bot finds your TV device and captures its name and other important information about the TV device, you are then presented with an email which you click on the link, and it activates the ping/syn flood bot which has been loaded onto your system. The ping/syn flood bot attacks the TV due to the information previously loaded to the threat actor’s site. The Ping/Syn flood bot overwhelms the TV device and then requests that you download a fix for the TV device, and when you download the software, it installs a malicious payload on the TV.

Some would call such an attack purely theoretical. However, the facts are that companies and government agencies have fallen for such attacks. Therefore, the theory is sound and has proven a viable means of attack. Figure 5. shows what such an attack would be like if flow charted. The flowchart in Figure 5 is the standard decision-making model in which actions are determined by what the program is expecting.

The process starts with sending a phishing email and then waiting for a response, either answering the email or not. If the email is unanswered, the attacker retries sending a new or different variant of the first email. If the email is answered, the phishing email allows the loading of the malicious program. Once the program is loaded, it scans your systems for the brand specified in the program. Once the device is located, the malicious program starts the Syn flood attack. If the device is not located, the program retries. The attack will flood the target device with syn and ping floods, logically disconnecting the device from the network. The program will then check to see if the device is offline using the IP address to perform a regular ping process. If the set is offline, the attack will end and alert the threat actor (fake consumer support) that the attack was successful. If the attack is not successful, the program will reinitiate the attack.

Artificial Intelligence: The Threat Multiplier

Since the advent of artificial Intelligence, the Generative Pre-Trained transformer (GPT) has been a large language model and a prominent framework for generative artificial Intelligence. They are artificial neural networks used in natural language processing. Cybersecurity experts have been somewhat apprehensive about understanding how threat actors would adopt the new technology. The answer to the statement was immediate, requiring guardrails to be put on AI appearances such as ChatGPT and Google BARD (Now called Gemini). These guard rails did nothing but force the threat actors to develop new GPTs and for academics to build GPTs such as DarkBERT (created by South Korean researchers), DarkBART (patterned after DarkBERT but uses the Dark Web as its Large Language Model (LLM)) [5], and the development of DarkGPT, and many other GPTs far worse than ChatGPT without guard rails.

Cybersecurity experts are forced to play catch-up with the threat actor community. As the reader, you may have noticed my lack of using the term Hacker because I want to differentiate between Hackers and Threat Actors. The cybersecurity community has given the term Hacker a negative connotation. Still, the term hacker can also have positive connotations because one must understand Hacking to be a good cybersecurity professional. Threat Actors know this and want to muddy the waters constantly. The term Hacker also gives the impression of some kid or man in his parent’s basement eating Hot Pockets and drinking Jolt Cola. I ask Cyber Security professionals that they do not fall for this image; the modern Threat Actor is a professional Cyber Criminal that will attack with a specific goal, usually driven by monetary gain or political agenda; these people are not in this “game” for bragging rights. Next, we will delve into the use of Python in carrying out such attacks; since Python is an easy language to learn, it can provide Cyber Criminals with a way to create simple programs that GPT AI can expand on and build more robust attack programs.

To show that a Threat Actor using AI can enhance attack scripts, I have written two Python Scripts that carry out a probing (Figure 6) and attack (Figure 7) function. I will improve these scripts with DarkGPT (Accessed from the World Wide Web). It should be noted that the use of DarkBART based on the Google GPT BARD and DarkBERT was created as a tool to aid Cyber Researchers in the study of AI created Cyber Attacks, whose unlicensed and improper use may constitute a criminal act [5] (a boundary this paper will deal with in a theoretical and academic sense). Therefore, the mention of DarkBART and DarkBERT is merely an academic hypothesis. However, using DarkGPT will demonstrate the enhancement of the Python scripts.

Figure 6 is a Python probe that can find a predetermined brand to attack; AI can expand such a script to increase its virality and attack strength. Such an attack would be like the Stuxnet malware program the US and Israel designed to attack a particular Programmable Logic Controller (PLC) manufactured by Siemens. In this case, the Python script will scan the network for a specific Organizationally Unique Identifier (OUI) and IP address combination. The script will then pass this information to the attack script. In Figure 7 (The Author has chosen not to display the hand-off script nor discuss the layout of such a script due to the possibility of the documents being used as a how-to guide by threat actors).

In Figure 7. The passing of the IP Address to the program as the <target_devices> variable, this target(s) is or are then set, and the attack begins. The attack is a relatively simple process in that the attack program institutes a simple syn attack, which is aimed at using the TCP 3-way handshake to use up memory and processor cycles on the target system. The syn attack is advantageous because it uses something the target systems must respond to; if not, it will create a secondary Denial of Service (DoS) Attack. Using just one system to carry out an attack is an excellent way of showing the mechanics behind the attack. However, a Threat Actor would most likely use other networked systems to help carry out such an attack or even use a botnet to create a Distributed Denial of Service (DDoS) Attack. Such a DDoS attack could be derived from attacking many of the IoT devices in the person’s home and then possibly launching an attack from the homes of TV users as the botnet would contain computers and IoT devices such as your smart TVs. A Threat Actor could also use the attack to support an external attack against the Broadcasters or the Consumer Equipment manufacturers.

A discussion of Figure 6 past what you see is needed to provide context for why AI is so powerful and can when misused, design a script that may be used to damage the broadcast network, the manufacturing network, and home user networks. Phishing attacks have proven to be one of the best ways to access the assets of companies and home network users. However, what about manufacturers of IoT devices (Also called Customer Equipment (CE))? One of the most telling facts is that even CE is not a haven for people against Threat Actors. What prevents a Customer Equipment Manufacturer from being the victim of someone who works for the CE Manufacturer installing aberrant code onto firmware devices and releasing the firmware into the wild, as threat actors say?

In 2021, Western Digital was the target of a malware attack. In contrast, their drives and some devices containing their hard drives were infected with malware, so if a person purchased the device or the drives, their systems would eventually become infected with malware [8]. Such insider attacks can and do happen. Therefore, it is not out of the question that CE manufacturers could eventually be attacked similarly and then pass the malware to their unwitting customers. Broadcasters and Customer Equipment Manufacturers must know that security through obscurity can no longer be considered a viable option for securing corporate assets. Such scripts, as displayed in Figure 6 and Figure 7, show that a simple attack design can feed an AI GPT system by enhancing the scripts, producing a more robust program that can be used to attack the broadcast network, the broadband network, and the CE manufacturer, not to mention the customers of these groups. The following graphic, Figure 7, is a Python script that can be expanded upon using AI to attack a system using a syn attack:

With Artificial Intelligence, the Threat Actor can expand the attacks and make them take on many other forms. Sinclair Broadcast Group CISO John McClure noted, ” I think the threats go well beyond common cybersecurity threats, but there are also rapidly evolving threats where actors are quickly leveraging AI for disinformation/misinformation campaigns – another nexus)!” The point is that the TV may not be the only item under attack. It just may be one of many network elements that may be attacked or used as a vector for an attack. The goal for modern systems should be to provide ample firewall protection for both the consumer and broadcaster networks since, with the advent of ATSC-3.0, there is an increased system-to-network connectivity. The scripts in Figure 6 and Figure 7 are not highly destructive. However, their destructiveness can be enhanced through AI and its ability to suggest and find modules that would be useful in a more intense attack on the systems in the network and possibly the Broadcast and Broadband systems attached to the network. As a test (not published here), the author posted the script to DarkGPT and received a more robust script. The author suggested creating a botnet by distributing the script to create a DDoS attack. Using AI’s suggestion of a Botnet would provide threat multiplication. The critical thing to remember is that the AI/DarkGPT chatbot is not just redeveloping the program; it is coming up with a more viral and direct attack. Such a botnet would be distributed among many systems within a company, which, depending on the company’s habits, is a genuine possibility.

One of the significant issues in deploying AI in developing an attack is the belief that AI needs to deploy the attack. Still, AI may be used in the following way: the enhancement of probing and attack scripts to enhance the capabilities of the aberrant script. In this case, AI becomes a tool for developing a more robust attack platform. Figures 6 and 7 are not an example of AI, but rather. The writing of scripts to provide a simple attack that may or may not work. However, using AI (DarkGPT), scripts are enhanced to increase their ability to perform the desired probing and attack actions. Therefore, let us go into the enhancements of the scripts. Figure 8 – Figure 11 shows the process of enhancement of these scripts using DarkGPT.

Figure 8. demonstrates the request of DarkGPT to enhance the scanning script; as is shown, the Nmap function currently has an -O flag, which is the Remote OS Detection option. This flag serves our purpose and delivers an output with the IP Address and the unit’s manufacturer.

Figure 9. demonstrates the response to the prompt requesting the enhancement of the original script to allow for the bypassing of a firewall, which the first script could be nullified using a firewall in the TV or Broadcast IOT device. Since a firewall-avoiding enhancement is possible, requesting additional script enhancements is also possible. The point here is that by starting with a simple probing script, it is possible to enhance it using AI, not that the script is AI, but rather the result of using AI to develop a better script. As can be seen in Figure 9, the script has been enhanced by adding additional arguments to the Nmap module, namely -O (Remote OS Detection), -Pn (Skip host discovery, No Pinging), -sT (Scan connect()), and -sV (Probe open ports to determine service/version info) [6].

Figure 10 will demonstrate the request of DarkGPT in the Script enhancement from Figure 7. The script in Figure 7 can launch an attack that can affect a small system, but to effectively attack a medium-range system, the script will have to be able to repeatedly launch an attack robust enough to cause the device to be disabled. The enhancements requested in Figure 10 should be able to accomplish this task. The question is how? By typing in a prompt request that gives DarkGPT an idea of what is required, DarkGPT can determine what to add to the script to enhance the script’s abilities. In Figure 10, that request is being made. The request is: “Enhance the following script to provide a more robust attack ability able to bypass a firewall and deplete memory resources of the target system:” Then input the script you want to be enhanced. The algorithm in the DarkGPT AI then enhances the script.

The point is that the threat actor only needs to know what they want to get DarkGPT to find what is required to enhance the attack script. It is worth noting that these examples are live scripts and could be used by a threat actor with knowledge of AI and Python. All attempts have been made to provide some obscuring of data so that this document does not become a how-to manuscript. However, it should become evident that even when trying to obscure some facts, using the DarkGPT can effectively fill in the blanks. The ability to fill in the blanks is one of the dangers of an AI like DarkGPT. It becomes a game of hide and seek where security professionals have to contend with the entire content of the World Wide Web and the Dark Web. The capabilities of programs like DarkGPT will only increase, and it will be up to Internet service providers, Broadcasters, and Television manufacturers to get together and form a defensive strategy.

Once again, the script is not AI, but the Threat Actor is requesting the AI DarkGPT to improve the script by including the ability to bypass firewalls and deplete memory resources. By performing these actions once again, we see that AI is being used as a tool and not as the user of the tool. However, It has been proven that AI can be used to launch attacks. Therefore, minimal discussion must be exerted on that topic except to say that it has been postulated and achieved in other forums. The additional features asked for are the bypassing of firewalls and the use of memory depletion. The Threat Actor is making the attack more destructive by requesting these two new items. The point here, as in the last few screenshots, is to demonstrate that AI can be used as a tool to facilitate an attack but not necessarily be the attacking entity; although other instances have proved that to be a viable method as well, it is however out of the scope of this paper. In Figure 11, the author will view the resultant enhanced script and explain how the script has been enhanced.

Figure 11. shows the result of the request to enhance the attack; the script can now duplicate the attack through succession or repetition of the disable_device(device) method (see note # Repeated for more memory depletion). The use of AI gave an option of duplicating the disable_device(device) method (note this is not very eloquent, but it works.)

Artificial Intelligence and GPT chatbots have given threat actors a better way of developing their programs, making them more network-lethal. The cybersecurity experts from the broadcasters, the broadband providers, and the customer equipment manufacturers need to get together and discuss a strategy that will allow them to meet the threat actors on common ground, even if this means leveraging the power of AI for a defensive stance against the GPTs that are not friendly.

It also may be asked how we know the script has disconnected the target device. What can be done to determine if the target device is offline? Once again, AI can produce an answer: In the prompt, I could write, “Modify the script to indicate when the device goes offline?” See Figure 12 for this AI addition to the script. Figure 12 shows additional features that can be added to the script via DarkGPT. This enhancement will be the ability to determine if the target system has gone offline.

In Figure 12, we can see the outcome of the prompt input: “Modify the script to indicate when the device goes offline?” the result is the addition of the line indicating an exception, which indicates the target is offline. This can trigger other actions, such as delivering a fake email for you to contact a fake company that will have you paying to have work done on your TV or your network; the options for this type of attack are wide open. That is why all concerned parties have to get out in front of this problem before it happens. To wait for this to happen will mean a lost opportunity.

Conclusion:

In conclusion, the industry has to realize that just as the physical elements of broadcasting, Broadband, and artificial Intelligence have changed the landscapes of networking and Television, their points of view must also change. Broadcasters must now look at security from a different viewpoint, not only protecting their data networks but also working with the customer equipment manufacturers to provide a means of testing and assuring the protection of the television unit. Broadband providers must start investing time and money in defensive systems to protect the parts of the broadcast cloud with which they may interact. Also, the CE manufacturers need to develop a security platform to leverage AI to help them design and deploy better firewalls to defend against threat actors and their deployment of AI. All stakeholders need to start looking at Broadband, Broadcast, and Artificial Intelligence as a threefold cord of protection that can allow a legacy service to provide continued support for the foreseeable future.

References

[1] Bridge, The Broadcast. “Ota versus Ott: What Is the Difference?” The Broadcast Bridge Connecting IT to Broadcast, September 21, 2021
[2] Gary, P . J. “Research and Development of High-End Computer Networks at GSFC.”, Dec. 2001, Https://Science.Gsfc.Nasa.Gov/606.1/Docs/A4P5%28Gary%29.Pdf, NASA, science.gsfc.nasa.gov/606.1/HECN.html.
[3] Low Power Television (LPTV) Service”, CDBS Database, Federal Communications Commission, May 17, 2011, archived from the original on April 1, 2013,
[4] McKelvey, H, et al. “Systems and Methods for Monitoring, Troubleshooting and/or Controlling a Digital Television,” October 22, 2013
[5] Montalbano, E. “‘Darkbert’ GPT-Based Malware Trains up on the Entire Dark Web.” Dark Reading, December 8, 2023, www.darkreading.com/application-security/gpt-based-malware-trains-dark-web.
[6] Lyon, G. “Nmap Reference Guide”, Nmap.Org, nmap.org/book/man-briefoptions.html, 7 May 2023.