What the HEC - Security Implications of HDMI Ethernet Channel and Other Related Protocols

Explore the security implications of HDMI Ethernet Channel and related protocols in this 49-minute conference talk from 44CON Information Security Conference. Delve into the evolution from VGA to HDMI and the additional capabilities this transition brings. Examine the EDID protocol's security, which enables displays to communicate with hosts via HDMI and VGA interfaces. Investigate the Consumer Electronics Control (CEC) and HDMI Ethernet Channel (HEC) protocols, discussing their impact on consumer network security and corporate environments. Learn about CECSTeR, a CEC security testing tool, and its applications. Analyze supported CEC commands, protocol details, and fuzzing techniques. Explore HEC's features, including Capability Discovery and Control (CDC), network loop prevention, and queue control. Uncover potential security risks such as endpoint protection circumvention and unauthorized network extension. Gain insights into testing methodologies for HDMI Ethernet Channel and other corporate HDMI security concerns.

Intro
Why am I talking about video interfaces?
HDMI is an output isn't it?
Supported CEC commands
The CEC protocol
Can we fuzz CEC?
What are the fuzzer results?
HEC - HDMI Ethernet Channel
CDC (Capability Discovery and Control)
Network loop prevention
Queue control
Endpoint Protection Circumvent
Unauthorised Network Extensio
Testing HDMI Ethernet Channel
Another corporate HDMI security risk