Many years of use of televisions, monitors and projectors have conditioned us to treat them as simple peripherals whose cables only carry video. A VGA cable may have an i2c interface for monitor detection, but otherwise presents few security risks. An HDMI interface, on the other hand, can carry an ever-increasing number of much more capable ports, meaning it has made the leap from simply a signal cable to a connector packed with interesting attack vectors for a bad guy. Is it time for an HDMI firewall? [King Kévin] he thinks so, because he has made one.
It’s a surprisingly simple device, because HDMI’s no-signal capabilities rely on a set of leads that simply aren’t connected. Of course, this also disconnects the EEPROM built into the device being connected, so there is an EEPROM on the firewall board to replace it, which must be programmed with the information from the device in question.
The premise of HDMI as an attack surface is valid, and we’re sure there will be attacks that can be performed on vulnerable displays that could, in turn, potentially do bad things to anything that connects to them. However, the main value for most readers here is probably in the introduction it provides to some of what goes into an HDMI interface and access to the i2c interface on it.
It’s surprising to realize that HDMI is approaching 20 years old, so it’s no surprise that its hacking has quite a history.