Many people are unaware that video displays send data which is then processed by the connected device and that this data can contain security threats. This paper aims to act as a useful introduction to the technologies involved in video interfacing, the potential for security vulnerabilities and ways to test for their presence.
In the paper Andy Davis will be describing video protocol data-structures, data-sequences and practical challenges, and will also explain how to build a hardware-based fuzzer, provide some example firmware fuzzing code, and describe some interesting findings from the fuzzing which has been undertaken so far.
This will also cover the security of video drivers which interpret and process data supplied to them by external displays, projectors and KVM switches, covering all the main video standards, VGA, DVI, HDMI and DisplayPort.