When a display device (e.g., a monitor, television, projector, etc) is connected to a source device (e.g., a computer that includes a graphics card, a cable or satellite television set top box, a Blue-ray player, a gaming console, etc.), the display device typically sends Extended Display Identification Data (EDID) to the source device. This EDID can include a number of different types of data such as product identifiers (e.g., a manufacturer ID, a product ID code, a serial number, etc.), basic display parameters (e.g., video input type, horizontal and vertical size, display gamma, etc.), color space definition, timing information, etc. The source device can employ the EDID to customize the display data it will output to the display device.
A number of different interfaces can be employed to connect a display device to a source device. These interfaces include High Definition Multimedia Interface (HDMI), Display Port (DP), Mobile High-Definition Link (MHL), and Digital Visual Interface (DVI) among others. EDID (as well as any enhanced EDID (E-EDID)) can be communicated over any of these interfaces using what is known as the Display Data Channel (DDC) standard. In essence, the DDC defines how to enable plug-and-play-like functionality for display devices.
Although the implementation of these protocols/standards has simplified the process of connecting a display device to a source device, it has also created a number of vulnerabilities to the source device. For example, it is becoming more common to place source devices in public places (e.g., IoT gateways). If someone has physical access to the source device, it is possible to connect a display device, access a logon screen via the display device, and then perform a brute force attack to gain access to the source device including any sensitive information that may be stored on the source device.
Also, many display devices may include an operating system that has wired or wireless network capabilities (e.g., smart televisions). If a user connects a source device to a display device with such capabilities, it is possible that the source device could be improperly accessed via a network to which the display device is connected (e.g., when the source device is connected to the display device via an HDMI Ethernet channel).
Further, malware could be injected (whether maliciously or unintentionally) into a display device's firmware or operating system. In such a case, once the display device is connected to a source device, the malware would gain access to the source device and possibly copy sensitive information to the display device's storage where it would become easily accessible to a malicious user.
Finally, the EDID itself can be a point of vulnerability. For example, a display device could be configured to report EDID that will cause an application to crash or a buffer overflow on the source device. In short, as it becomes more common to locate source devices where they are physically accessible and to provide display devices with networking capabilities, it will also become more common for source devices to be maliciously accessed via display devices.