Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection along a VGA or HDMI cable, would this be impossible?


  • Please log in to reply
6 replies to this topic

#1 rp88

rp88

  • Members
  • 2,937 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:28 AM

Posted 05 August 2017 - 12:09 PM

I've been wondering recently whether the following scenario could pose any risks. I would assume it couldn't because as far as I know VGA and HDMI cables can only carry, formerly, image signals for video and, latterly, image video plus audio signals.

1.A user connects a laptop/desktop to a monitor/TV screen/projector and uses an HDMI or VGA cable to project a second screen on the monitor/TV screen/projector.
2.The monitor/television/projector has an infection in it's firmware/onboard software which was either caused by an infected user previously connected** to it or by it being from a dodgy manufacturer who wanted to distribute a virus as well as selling screens/televisions/projector boxes. Many such things thesedays are pretty advanced in terms of functionality, especially with smart televisions and such being in existance (many of which will occasionally be used simply as display screens for computers), so it's not implausible to imagine that one could have an infection on it somehow.
3.Can an infection in the monitor/television/projector now travel down the VGA/HDMI cable and infect the laptop/desktop of the user?

**As a secondary question could a virus travel this way along a VGA or HDMI cable, I would guess that if 3 can happen then this can too, I know that the cables themselves aren't directional but their might be differences in terms of the hardware of the HDMI/VGA connector built into the screen and the connector built into the computer.

Thanks

Edited by rp88, 05 August 2017 - 12:10 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 CyberSec_ET

CyberSec_ET

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Forestville California
  • Local time:06:28 PM

Posted 06 August 2017 - 02:44 AM

I've been wondering recently whether the following scenario could pose any risks. I would assume it couldn't because as far as I know VGA and HDMI cables can only carry, formerly, image signals for video and, latterly, image video plus audio signals.

1.A user connects a laptop/desktop to a monitor/TV screen/projector and uses an HDMI or VGA cable to project a second screen on the monitor/TV screen/projector.
2.The monitor/television/projector has an infection in it's firmware/onboard software which was either caused by an infected user previously connected** to it or by it being from a dodgy manufacturer who wanted to distribute a virus as well as selling screens/televisions/projector boxes. Many such things thesedays are pretty advanced in terms of functionality, especially with smart televisions and such being in existance (many of which will occasionally be used simply as display screens for computers), so it's not implausible to imagine that one could have an infection on it somehow.
3.Can an infection in the monitor/television/projector now travel down the VGA/HDMI cable and infect the laptop/desktop of the user?

**As a secondary question could a virus travel this way along a VGA or HDMI cable, I would guess that if 3 can happen then this can too, I know that the cables themselves aren't directional but their might be differences in terms of the hardware of the HDMI/VGA connector built into the screen and the connector built into the computer.

Thanks

 

VGA and HDMI cables >> Its possible?

 

The only way for infections to reach your computer is through the ethernet cable via your modem. or a coax cable.


Edited by CyberSec_ET, 06 August 2017 - 02:45 AM.


#3 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,890 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:09:28 PM

Posted 06 August 2017 - 11:45 AM

Unless I am misremembering something, I have to agree with CyberSec_ET.

 

I believe both HDMI and VGA are "output only" and if there's nothing on the computer that can take input from them I don't know how anything could come in from either even if some clever person tried to push something "against the stream".


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#4 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:01:28 PM

Posted 06 August 2017 - 08:14 PM

Software wise NO, but hardware is possible.

[34] RAGEMASTER: (see image above, right) A concealed $30 device that taps the video signal from a target's computer's VGA signal output so the NSA can see what is on a targeted desktop monitor. It is powered by a remote radar and responds by modulating the VGA red signal (which is also sent out most DVI ports) into the RF signal it re-radiates; this method of transmission is codenamed VAGRANT. RAGEMASTER is usually installed/concealed in the ferrite choke of the target cable. The original documents are dated 2008-07-24. Several receiver/demodulating devices are available, e.g. NIGHTWATCH.[6]

https://en.wikipedia.org/wiki/NSA_ANT_catalog
https://en.wikipedia.org/wiki/File:NSA_RAGEMASTER.jpg
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#5 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:01:28 PM

Posted 06 August 2017 - 08:59 PM

After reading these, the jury is still out in regards to software? I will investigate this further?

Communication channels. https://en.wikipedia.org/wiki/HDMI#Communication_channels
https://en.wikipedia.org/wiki/HDMI#HDMI_Ethernet_and_Audio_Return_Channel
https://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection


VGA and HDMI are not one-way; besides the main send-pictures functionality, there is some low-bandwidth bidirectional communication. This is how a computer can "know" that a new display was connected, and what resolution to use on that display. In the case of VGA, this was a backported feature (VGA displays from the early 1990s could not do that).

Theoretically, this could be exploited, if (and only if) there is some weakness in the receiving part (the display card and its driver). The protocol is not complex (no TCP/IP stack involved) so exploitable security holes should be rare.

Usually, a malicious display can do much more evil by simply logging a copy of everything that is displayed. For instance, I have an account in a bank, such that for online banking I "type" a password by clicking on semi-randomly located buttons. A screen logger grabs the password easily in such conditions (ironically, that system was meant to thwart keyloggers). Therefore, the usual wisdom is that if your display is malicious, then you already have bigger problems.

Note: some displays also double as a USB hub -- and weaknesses in USB protocols have been exploited (e.g. the "PS3 Jailbreak" from 2010). For common PC, the USB link is an extra plug, but these things may change. For instance, Apple computers now use the Thunderbolt interface which is fully bidirectional and uses a rather complex protocol, where security holes are quite plausible. https://security.stackexchange.com/questions/19007/vga-hdmi-based-attack


Image ports, like VGA, DVI and HDMI, are fully safe, as they cannot mount or send commands to the computer. They can send identification strings to the computer, like the manufacturer name of the screen and its supported rates and resolutions, but to actually compromise anything, the device would then need to take advantage of a exploit in the host computer like a buffer overflow or similar AND the monitor must be firmware-upgradeable over the image port, so the malicious payload can be installed.

Pretty unlikeably that the computer monitor would be firmware-upgradeable via its picture input AND you get a malware in the "bad" computer that supports infecting the monitor AND the "clean" computer is vulnerable (Buffer overflow or similar) to bad strings sent via the image port. https://security.stackexchange.com/questions/137308/is-it-possible-to-transfer-malware-viruses-through-a-kvm-switch-from-one-comput
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#6 JohnnyJammer

JohnnyJammer

  • Members
  • 1,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:11:28 AM

Posted 06 August 2017 - 10:43 PM

 

I've been wondering recently whether the following scenario could pose any risks. I would assume it couldn't because as far as I know VGA and HDMI cables can only carry, formerly, image signals for video and, latterly, image video plus audio signals.

1.A user connects a laptop/desktop to a monitor/TV screen/projector and uses an HDMI or VGA cable to project a second screen on the monitor/TV screen/projector.
2.The monitor/television/projector has an infection in it's firmware/onboard software which was either caused by an infected user previously connected** to it or by it being from a dodgy manufacturer who wanted to distribute a virus as well as selling screens/televisions/projector boxes. Many such things thesedays are pretty advanced in terms of functionality, especially with smart televisions and such being in existance (many of which will occasionally be used simply as display screens for computers), so it's not implausible to imagine that one could have an infection on it somehow.
3.Can an infection in the monitor/television/projector now travel down the VGA/HDMI cable and infect the laptop/desktop of the user?

**As a secondary question could a virus travel this way along a VGA or HDMI cable, I would guess that if 3 can happen then this can too, I know that the cables themselves aren't directional but their might be differences in terms of the hardware of the HDMI/VGA connector built into the screen and the connector built into the computer.

Thanks

 

VGA and HDMI cables >> Its possible?

 

The only way for infections to reach your computer is through the ethernet cable via your modem. or a coax cable.

 

Thats incorrect big time mate sorry. Air gaped Servers, main frames can be exploited with out any network connections and can be achieved through bios speakers, desktop speakers, power grid and or a removable media.



#7 JohnnyJammer

JohnnyJammer

  • Members
  • 1,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:11:28 AM

Posted 06 August 2017 - 10:44 PM

i would have assumed a malformed media codec could exploit the audio through HDMI but as far as the execution goes, i cant see how any form of data could be stored once the cable has been un-plugged from a PC.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users