template and source for hardware projects
King Kévin a23e5228da doc: describe version 2022-06-20 12:07:05 +02:00
coraleda/subc lib: add used parts 2022-06-20 11:03:09 +02:00
geda/symbols lib: add used parts 2022-06-20 11:03:09 +02:00
library@939ae5450b lib: update repo 2022-05-17 11:14:21 +02:00
.gitignore ignore other manual fabrication export (not from Rakefile) 2022-02-02 15:29:48 +01:00
.gitmodules update library 2022-03-07 14:42:51 +01:00
.qeda.yaml lib: add used parts 2022-06-20 11:03:09 +02:00
CHANGELOG.md doc: describe version 2022-06-20 12:07:05 +02:00
DEVELOPMENT.md put development instructions in separate file 2022-03-23 10:32:24 +01:00
LICENSE.txt add CERN-OHL-S license 2021-07-22 12:22:58 +02:00
README.md doc: minor, add interface information 2022-06-20 12:01:21 +02:00
Rakefile set project name 2022-06-20 10:57:19 +02:00
gafrc add schematic configuration and template 2021-07-22 12:28:19 +02:00
hdmi_firewall.lht sch/brd: import design from 2021-07-22 2022-06-20 11:57:35 +02:00
hdmi_firewall.sch sch/brd: import design from 2021-07-22 2022-06-20 11:57:35 +02:00
mass_prop.sh add PnP export 2021-12-19 11:24:57 +01:00
pnp_fab.tab pnp: fix USB-C orientation 2022-03-23 10:34:20 +01:00
version add output generation script 2021-07-22 12:34:35 +02:00

README.md

The HDMI firewall protects your HDMI equipment from being hacked.

purpose

HDMI is mainly used to transfer audio and video, but it also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL). These increase the attack surface, and since the security of their implementation in embedded devices is far from ideal, an attacker could exploit them and inject malicious code. Now your unsuspecting video equipment is compromised and threatens your IT/network security. Your monitor could then in turn hack back any other equipment connected to it.

For example, you invite an external guest to give a presentation inside your company and let them connect to a video projector to show their slides. This is the perfect opportunity for the guest to hack the projector. The next time an employee connects to this projector, their laptop is hacked in turn. And voilà, the innocent-looking guest has infiltrated your company network and can exfiltrate confidential information.

The HDMI firewall blocks all the additional features and only allows the equipment to receive audio and video data. It is based on the research of Pierre-Michel RICORDEL and José LOPES-ESTEVES from ANSSI/SDE/ST/LSF presented during SSTIC 2021.

usage

You first have to copy the Extended Display Identification Data (EDID) of the equipment to protect. This data includes information such as the supported resolutions. You can read it out using the I²C-based Display Data Channel (DDC) interface. Then disable the write protection on the HDMI firewall using the switch (the LED will turn off). Write the EDID data to the EEPROM of the HDMI firewall, and turn the write protection back on (the LED will turn on). This prevents attackers from injecting any malicious payload into the EEPROM. This only has to be done once (per monitor to protect).

Now connect the monitor to be protected to the corresponding port of the HDMI firewall. Only allow users to connect to the untrusted device port. Your equipment is now protected.
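Before the EDID dump is written to the firewall EEPROM it is worth validating it, so that a corrupted or truncated read does not end up permanently programmed behind the write protection. The following Python is an added example and not code from the hdmi_firewall project: it parses the 128-byte EDID base block (header, manufacturer ID, product code, version, extension count) and verifies the per-block checksums. The sample EDID it builds is constructed data with a hypothetical vendor ID "ABC", not a capture from a real monitor; on Linux a real dump can be read from a file such as `/sys/class/drm/<connector>/edid` and passed to `parse_edid()` unchanged.

```python
# Added example (not part of the hdmi_firewall project): sanity-check an EDID
# dump before copying it to the firewall EEPROM. The sample EDID below is
# constructed for illustration, not captured from a real monitor.
import struct

EDID_HEADER = bytes.fromhex("00ffffffffffff00")  # fixed 8-byte EDID magic
BLOCK_SIZE = 128                                  # base block and each extension


def encode_manufacturer(pnp_id: str) -> int:
    """Pack a 3-letter PNP ID into the big-endian 16-bit word at bytes 8-9."""
    if len(pnp_id) != 3 or not all("A" <= c <= "Z" for c in pnp_id):
        raise ValueError("manufacturer ID must be three uppercase letters")
    word = 0
    for c in pnp_id:
        word = (word << 5) | (ord(c) - ord("A") + 1)  # A=1 ... Z=26, 5 bits each
    return word


def decode_manufacturer(word: int) -> str:
    """Inverse of encode_manufacturer; bit 15 is reserved and ignored."""
    return "".join(chr(ord("A") - 1 + ((word >> shift) & 0x1F)) for shift in (10, 5, 0))


def checksum_ok(block: bytes) -> bool:
    """Every 128-byte EDID block must sum to zero modulo 256."""
    return sum(block) % 256 == 0


def with_checksum(block: bytearray) -> bytes:
    """Fill byte 127 so the block sums to zero modulo 256."""
    block[BLOCK_SIZE - 1] = (-sum(block[:BLOCK_SIZE - 1])) & 0xFF
    return bytes(block)


def parse_edid(blob: bytes) -> dict:
    """Parse the base block and verify header, checksums and extension count.

    Raises ValueError on anything a sane monitor would never produce, so a
    corrupted or truncated dump is rejected before it reaches the EEPROM.
    """
    if len(blob) < BLOCK_SIZE or len(blob) % BLOCK_SIZE:
        raise ValueError(f"EDID length {len(blob)} is not a multiple of {BLOCK_SIZE}")
    base = blob[:BLOCK_SIZE]
    if base[:8] != EDID_HEADER:
        raise ValueError("bad EDID header")
    extensions = base[126]
    if len(blob) != (1 + extensions) * BLOCK_SIZE:
        raise ValueError(f"base block announces {extensions} extension(s), "
                         f"but the dump holds {len(blob) // BLOCK_SIZE - 1}")
    for i in range(0, len(blob), BLOCK_SIZE):
        if not checksum_ok(blob[i:i + BLOCK_SIZE]):
            raise ValueError(f"checksum mismatch in block {i // BLOCK_SIZE}")
    (manuf_word,) = struct.unpack_from(">H", base, 8)      # big-endian, unlike the rest
    product, serial = struct.unpack_from("<HI", base, 10)  # little-endian fields
    return {
        "manufacturer": decode_manufacturer(manuf_word),
        "product_code": product,
        "serial": serial,
        "week": base[16],
        "year": 1990 + base[17],
        "version": f"{base[18]}.{base[19]}",
        "extensions": extensions,
    }


def build_sample_edid(with_cta_extension: bool = False) -> bytes:
    """Construct a minimal EDID 1.4 dump (constructed data, not a real monitor)."""
    base = bytearray(BLOCK_SIZE)
    base[0:8] = EDID_HEADER
    struct.pack_into(">H", base, 8, encode_manufacturer("ABC"))  # hypothetical vendor
    struct.pack_into("<HI", base, 10, 0x1234, 1)                 # product code, serial
    base[16], base[17] = 20, 2022 - 1990                         # week 20 of 2022
    base[18], base[19] = 1, 4                                    # EDID 1.4
    base[126] = 1 if with_cta_extension else 0
    blob = with_checksum(base)
    if with_cta_extension:
        ext = bytearray(BLOCK_SIZE)
        ext[0], ext[1] = 0x02, 0x03  # CTA-861 extension tag and revision
        blob += with_checksum(ext)
    return blob


if __name__ == "__main__":
    dump = build_sample_edid(with_cta_extension=True)
    print(parse_edid(dump))
```

The checks are deliberately strict: a dump whose base block announces an extension that is missing, or whose checksum does not add up, is rejected outright rather than repaired, because the EEPROM content is what the untrusted device will read on every connection and a half-valid EDID is the kind of input a poorly written DDC parser handles worst.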

limitations

High-bandwidth Digital Content Protection (HDCP) is not supported, since the DDC interface is limited to the EDID information.

By default, turn the 5V forwarding off using the second switch on the HDMI firewall. This further reduces the attack surface. If the monitor is not able to detect the connected device, turn it back on.

mode of operation

To protect the monitor, the HDMI firewall only forwards the signal lines used for audio/video (A/V) data transfer (D0, D1, D2, CK). All other signal lines are not passed through (CEC, SDA, SCL, utility/HEAC+, HPD). This blocks all non-A/V interfaces (e.g. DDC, HPD, CEC, HEAC, MHL). The SDA/SCL lines on the untrusted device port, used by the DDC interface to provide the EDID information to the device, are instead connected to an EEPROM on the firewall. This is where you need to copy the monitor information to. As a result, the DDC interface is limited to the EDID information.