<cyrozap>
azonenberg: One of the attacks in the presentation I linked was "present a green HTTPS lock for a phishing website", and it works because that particular LCD controller can both read and write to arbitrary pixels on the screen, so it can do OS/browser detection, etc.
<azonenberg>
cyrozap: innteresting
<qu1j0t3>
yeah, that's intense
<cyrozap>
Not all LCD controllers are capable of that (this was a particularly fancy one), but the firmware for a bunch of Dell monitors can be updated over I2C/DDC (which, remember, the MCU in the dongle has to talk over in order to translate between DP AUX and HDMI DDC).
<cyrozap>
And even the cheapest Realtek LCD controllers can be updated over DDC/I2C, so it's probably not that far-fetched of an attack vector.
<azonenberg>
yeah interesting
<cyrozap>
Because even if you hit one of the controllers that can't read/write arbitrary pixels, you can still use it as an infected host to spread the malware to another dongle, which could then spread it to a more valuable target.
<azonenberg>
yeah
<cyrozap>
Sorry, small correction: It seems Dell monitor firware is updated over USB, not DDC, but you can still send commands to the monitor over DDC/CI, so if the monitor doesn't parse them properly you could potentially exploit that. That said, the Realtek RTD2660/RTD2662 LCD controller is updated over DDC, so this would still apply to devices based on that SoC, at a minimum.