board/README.md

The HDMI firewall protects your HDMI equipment from being hacked.
purpose
=======
HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL).
This increases the attack surface, and since the security of their implementation in embedded devices is far from ideal, an attacker could exploit them and inject malicious code.
Now your unsuspecting video equipment is compromised and threatens your IT/network security.
And your monitor could then in turn hack back any other equipment connected to it.
For example, let's imagine you invite an external guest for a presentation inside your company.
You offer to connect to a video-projector so he can show his slides.
This is the perfect opportunity for the guest to hack the video-projector.
Next time an employee connects to this projector, his laptop is hacked back.
And voilà, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information.
The HDMI firewall blocks all the additional features, and only allows the equipment to receive audio and video data.
It is based on the research of Pierre-Michel RICORDEL and José LOPES-ESTEVES from ANSSI/SDE/ST/LSF presented at the IT security conference [SSTIC 2021](https://sstic.org/2021/presentation/un_pare_feu_pour_le_hdmi/).
usage
=====
You first have to copy the Extended Display Identification Data (EDID) information of the equipment to protect.
This data includes information such as the supported resolutions.
You can read it out using the I²C-based Display Data Channel (DDC) interface.
Then disable the write protect on the HDMI firewall using the switch (the LED will turn off).
Write the EDID data on the EEPROM of the HDMI firewall, and turn back on the write protection (the LED will turn on).
This will prevent attackers from injecting any malicious payload.
This only has to be done once (per monitor to protect).
Now connect the monitor to be protected on the corresponding port of the HDMI firewall.
Only allow users to connect on the untrusted device port.
Your equipment is now protected.
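The EDID you copy into the firewall's EEPROM is the only DDC data the protected monitor will ever present, so it is worth checking it before programming it: a block with a wrong header or checksum makes the source device fail to detect the monitor. The following is an added example (not part of the project's code or documentation) that validates and decodes a 128-byte EDID 1.3 base block, recomputes its checksum, and reports how many bytes have to be programmed. The sample block is constructed here for illustration; the manufacturer ID `ABC`, product code and dates are made up, and the page does not describe how the firewall's EEPROM is actually programmed, so the write step is left to whatever programmer you use.

```python
import struct

EDID_HEADER = bytes([0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00])
EDID_BLOCK_SIZE = 128


def encode_manufacturer(pnp_id: str) -> int:
    """Pack a 3-letter PnP ID ('A'..'Z') into the big-endian 16-bit EDID field."""
    if len(pnp_id) != 3 or not pnp_id.isalpha() or not pnp_id.isupper():
        raise ValueError("PnP ID must be three uppercase letters")
    word = 0
    for ch in pnp_id:
        word = (word << 5) | (ord(ch) - ord("A") + 1)  # 'A' == 1, five bits per letter
    return word


def decode_manufacturer(word: int) -> str:
    """Inverse of encode_manufacturer: three 5-bit letters, most significant first."""
    return "".join(chr(((word >> shift) & 0x1F) + ord("A") - 1) for shift in (10, 5, 0))


def checksum_ok(block: bytes) -> bool:
    """Every 128-byte EDID block sums to 0 modulo 256, last byte included."""
    return len(block) == EDID_BLOCK_SIZE and sum(block) % 256 == 0


def fix_checksum(block: bytearray) -> bytearray:
    """Rewrite byte 127 so the block sums to 0 mod 256 (needed after any edit)."""
    block[127] = (-sum(block[:127])) & 0xFF
    return block


def parse_edid(block: bytes) -> dict:
    """Decode the fields of an EDID 1.x base block, rejecting malformed input."""
    if len(block) != EDID_BLOCK_SIZE:
        raise ValueError(f"expected {EDID_BLOCK_SIZE} bytes, got {len(block)}")
    if block[:8] != EDID_HEADER:
        raise ValueError("bad EDID header")
    if not checksum_ok(block):
        raise ValueError("EDID checksum mismatch")
    return {
        "manufacturer": decode_manufacturer(struct.unpack(">H", block[8:10])[0]),
        "product_code": struct.unpack("<H", block[10:12])[0],
        "serial": struct.unpack("<I", block[12:16])[0],
        "week": block[16],
        "year": 1990 + block[17],
        "version": f"{block[18]}.{block[19]}",
        "digital": bool(block[20] & 0x80),
        "size_cm": (block[21], block[22]),
        "extension_blocks": block[126],
    }


def total_edid_length(block: bytes) -> int:
    """Bytes to copy into the EEPROM: base block plus every announced extension block."""
    return EDID_BLOCK_SIZE * (1 + block[126])


def build_sample_edid() -> bytes:
    """Constructed sample base block (hypothetical values, not from any real monitor)."""
    b = bytearray(EDID_BLOCK_SIZE)
    b[0:8] = EDID_HEADER
    b[8:10] = struct.pack(">H", encode_manufacturer("ABC"))  # constructed PnP ID
    b[10:12] = struct.pack("<H", 0x1234)                      # constructed product code
    b[12:16] = struct.pack("<I", 0x00000042)                  # constructed serial
    b[16], b[17] = 10, 30      # week 10 of 2020
    b[18], b[19] = 1, 3        # EDID version 1.3
    b[20] = 0x80               # digital video input
    b[21], b[22] = 60, 34      # screen size in cm
    b[126] = 0                 # no extension blocks
    return bytes(fix_checksum(b))


if __name__ == "__main__":
    edid = build_sample_edid()
    print(parse_edid(edid))
    print("bytes to program:", total_edid_length(edid))
```

On a Linux host the raw EDID of a connected monitor can be read from `/sys/class/drm/<connector>/edid`, or over DDC directly with i2c-tools (`i2cdump` on the bus of the HDMI port, address `0x50`, which is the standard DDC EEPROM address), and fed to `parse_edid()` before programming. If the monitor announces extension blocks (byte 126 above zero), either copy all of them or, if the EEPROM cannot hold them, set byte 126 to zero and run `fix_checksum()` again so the base block stays valid on its own.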
limitations
===========
High-bandwidth Digital Content Protection (HDCP) is not supported since the DDC interface is limited to the EDID information.
By default, turn the 5V forwarding off using the second switch on the HDMI firewall.
This further reduces the attack surface.
If the monitor is not able to detect the connected device, then turn it back on.
mode of operation
=================
To protect the monitor, the HDMI firewall only forwards the signal lines used for audio/video (A/V) data transfer (D0, D1, D2, CK).
All other signal lines are unconnected (CEC, SDA, SCL, utility/HEAC+, HPD).
This will block all non-A/V interfaces (e.g. DDC, HPD, CEC, HEAC, MHL).
The SDA/SCL lines used for the DDC interface to provide the EDID information to the device are connected to an EEPROM on the firewall.
This is where you need to copy the monitor information to.
This limits the DDC interface to the EDID information.