H(ack)DMI: Pwning HDMI for Fun and Profit

HDMI (High-Definition Multimedia Interface) is a proprietary audio/video interface for transmitting uncompressed video data and compressed or uncompressed digital audio data from an HDMI-compliant source device, such as a display controller, to a compatible computer monitor, video projector, digital television, or digital audio device.

In HDMI, there are not only TMDS protocol that transmits video and audio data but CEC, DDC and ARC protocols that provide different functions.

We would like to introduce the audience to:

  1. The HDMI protocol
  2. Why these protocols can be regarded as attack vectors
  3. The fuzzer we made
  4. The vulnerability found in Xiaomi mibox3.

Although there is a weakness that HDMI requires a direct line connection, considering the HDMI usage rate of AV devices, the impact of a HDMI vulnerability is huge. In fact, the discovery of vulnerabilities in the HDMI protocol is expected to be a differentiating presentation from the presentation of existing potential attacks. In previous presentations on HDMI, only the possibility that HDMI could be used as an attack vector was suggested. However, we will show you concretely how this can be so and how we designed and implemented a fuzzer that has resulted in three vulnerabilities found in Xiaomi mibox3.

Location: Track 2 Date: May 9, 2019 Time: 5:30 pm - 6:30 pm Jeonghoon Shin Changhyeon Moon