doc: document project
This commit is contained in:
parent c9adea88e4
commit 7d6caee37e
45 README.md
@ -1,7 +1,50 @@
these are the hardware design files for **insert project name here**.
the HDMI firewall protects your HDMI equipment from being hacked.

purpose
=======

HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL).
This increases the attack surface, and since the security of their implement in embedded devices if far from ideal, an attacker could exploit them and inject malicious code.
Now your unsuspicious video equipment is compromised and threatens your IT/network security.
And your monitor could then in turn hack back any other equipment connected to it.

For example, if you invite an external guest for a presentation inside your company.
For that you offer to connect to a video-project so he can show his slides.
This is the perfect opportunity for the guest to hack the video-project.
And next time an employee connect to this project, his laptop is hacked back.
And voila, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information.

The HDMI firewall block all the additional features, and only allow the equipment to receive audio and video data.
It is based on the research of Pierre-Michel RICORDEL and José LOPES-ESTEVES from ANSSI/SDE/ST/LSF presented during [SSTIC 2021](https://sstic.org/2021/presentation/un_pare_feu_pour_le_hdmi/).

usage
=====

You first have to copy the Extended Display Identification Data (EDID) information of the equipment to protect.
This data includes information such as the supported resolutions.
You can read it out using the I²C-based Display Data Channel (DDC) interface.
Then disable the write protect on the HDMI firewall using the switch (the LED will turn off).
Write the EDID data on the EEPROM of the HDMI firewall, and turn back on the write protection (the LED will turn on).
This will prevent attackers from injecting any malicious payload.
This only has to be done once (per monitor to protect).

Now connect the monitor to be protected on the corresponding port of the HDMI firewall.
Only allow users to connect on the untrusted device port.
Your equipment is not protected.

limitations
===========

High-bandwidth Digital Content Protection (HDCP) is not supported since the DDC interface is limited to the EDID information.

By default, turn the 5V forwarding off using the second switch on the HDMI firewall.
This reduces further more the attack surface.
If the monitor is not able to detect the connected device, then turn it back on.

mode of operation
=================

To protect the monitor, the HDMI firewall only forwards the signal lines used for audio/video data transfer (D0, D1, D2, CK).
All other signal lines are unconnected (CEC, SDA, SCL, utility/HEAC+, HPD).
The SDA/SCL lines used for the DDC interface to provide the EDID information to the device are connected to an EEPROM on the firewall.
This is where you need to copy the monitor information to.
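Review bot: The last sentence of the usage section, "Your equipment is not protected.", says the opposite of what the three preceding steps achieve; it should read "Your equipment is now protected." Two further wording problems in the same section change the security claim: "This will prevent attackers from injecting any malicious payload." overstates what re-enabling write protection does. It stops an attacker on the untrusted port from rewriting the EDID in the firewall's EEPROM; the TMDS lines (D0, D1, D2, CK) are still passed through unchanged, so scope the sentence to the EEPROM, e.g. "This prevents an attacker on the untrusted port from altering the stored EDID." The usage text also names the DDC interface but not how the EDID is read from the monitor or written into the firewall's EEPROM (which tool or host adapter), which a user needs to complete the procedure. In the mode of operation section, HPD is listed as unconnected; state how the source side sees Hot Plug Detect (whether the firewall asserts it itself), since the limitations section already anticipates detection problems for the 5V line. If the template line "these are the hardware design files for **insert project name here**." is meant to survive this commit, replace the placeholder with the project name. Finally, the spelling and grammar fixes: "the security of their implement in embedded devices if far from ideal" should be "the security of their implementation in embedded devices is far from ideal"; "unsuspicious" should be "unsuspecting"; "video-project" (twice) and "this project" should be "video projector"; "an employee connect" should be "an employee connects"; "The HDMI firewall block all the additional features, and only allow" should be "blocks ... allows"; "reduces further more" should be "further reduces".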