Any device sporting a chip and some form of communications protocol can be hacked – that’s almost as strong a law as those governing gravity.
Besides audio and video data, there are a number of parallel protocols in HDMI that transmit more information than we’d expect.
There is I2C configuration data, HDCP (High-bandwidth Digital Content Protection) DRM (Digital Rights Management) encryption data, HPD (Hot-Plug Detection) and CEC (Consumer Electronics Control) – just to name a few.
Is it time for an HDMI firewall? [King Kévin] thinks so, because he’s made one. It’s a surprisingly simple device, because the non-signal capabilities of HDMI rely on a set of conductors which are simply not connected. This of course also disconnects the on-board EEPROM in the device being connected, so there’s an EEPROM on the firewall board to replace it which must be programmed with the information for the device in question.
The HDMI firewall is little more than a physical dongle that can be directly connected to the HDMI port you want to secure. It works by blocking all data that’s not related to video and audio streaming. One dongle is required per port to be protected.
HDMI Firewall Protects Your Display Port (but Not your DisplayPort)
A dongle can keep your HDMI ports, and your network, safe.
https://www.tomshardware.com/news/hdmi-firewall-dongle-protects-unexpected-attack-vector
HDMI IS AN ATTACK SURFACE, SO HERE’S AN HDMI FIREWALL
https://hackaday.com/2022/06/22/hdmi-is-an-attack-surface-so-heres-an-hdmi-firewall/
https://git.cuvoodoo.info/kingkevin/board/src/branch/hdmi_firewall
3 Comments
Tomi Engdahl says:
https://git.cuvoodoo.info/kingkevin/board/src/branch/hdmi_firewall
tunnel rush says:
Thanks. very good article, exactly what i was looking for, i will definitely share it with my friends
Tomi Engdahl says:
https://www.facebook.com/groups/2600net/permalink/3631134820442950/
The HDMI firewall prevents devices from hacking HDMI equipment, and vice-versa.
HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL). This increases the attack surface, and since the security of their implement in embedded devices is far from ideal, an attacker could exploit them and inject malicious code. Now your unsuspicious video equipment is compromised and threatens your IT/network security. And your monitor could then in turn hack back any other device connected to it.
For example, let’s imagine you invite an external guest for a presentation inside your company. You offer to connect to a video-projector so he can show his slides. This is the perfect opportunity for the guest to hack the video-projector. Next time an employee connects to this projector, his laptop is hacked back. And voila, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information.
The HDMI firewall blocks all additional interfaces, and only allows audio and video data transfer. It is based on the research of Pierre-Michel Ricordel and José Lopes Esteves from ANSSI/SDE/ST/LSF presented at the IT security conference SSTIC 2021.
https://git.cuvoodoo.info/kingkevin/board/src/branch/hdmi_firewall/README.md?fbclid=IwAR1fUIhJzv-vagNltI1mPtTVLdHKdTh598v3WYtwsd5KScmX2oWiiJrQbbg