Many years of using televisions, monitors, and projectors have conditioned us into treating them as simple peripherals whose cables carry only video. A VGA cable may have an i2c interface for monitor detection, but otherwise it presents little security risk. An HDMI interface on the other hand can carry an increasing number of far more capable ports, meaning that it has made the leap from merely a signal cable to being a connector stuffed with interesting attack vectors for a miscreant. Is it time for an HDMI firewall? [King Kévin] thinks so, because he’s made one.
It’s a surprisingly simple device, because the non-signal capabilities of HDMI rely on a set of conductors which are simply not connected. This of course also disconnects the on-board EEPROM in the device being connected, so there’s an EEPROM on the firewall board to replace it which must be programmed with the information for the device in question.
The premise of HDMI as an attack surface is a valid one, and we’re sure there will be attacks that can be performed on vulnerable displays which could potentially in turn do naughty things to anything which connects to them. The main value for most readers here probably lies though in the introduction it gives to some of what goes into an HDMI interface, and in accessing the i2c interface therein.
[Zak Kemble] likes to build things, and for several years has been pining over various Raspberry Pi products with an eye on putting them into service as a router. Sadly, none of them so far provided what he was looking for with regard to the raw throughput of the Gigabit Ethernet ports. His hopes were renewed when the Compute Module 4 came on scene, and [Zak] set out to turn the CM4 module into a full Gigabit Ethernet router. The project is documented on his excellent website, and sources are provided via a link to GitHub.
Of course the Compute Module 4 is just a module- it’s designed to be built into another product, and this is one of the many things differentiating it from a traditional Raspberry Pi. [Zak] designed a simple two layer PCB that breaks out the CM4’s main features. But a router with just one Ethernet port, even if it’s GbE, isn’t really a router. [Zak] added a Realtek RTL8111HS GbE controller to the PCIe bus, ensuring that he’d be able to get the full bandwidth of the device.
The list of fancy addons is fairly long, but it includes such neat hacks as the ability to power other network devices by passing through the 12 V power supply, having a poweroff button and a hard reset button, and even including an environmental sensor (although he doesn’t go into why… but why not, right?).
Testing the RouterPi uncovered some performance bottlenecks that were solved with some clever tweaks to the software that assigned different ports an tasks to different CPU cores. Overall, it’s a great looking device and has been successfully server [Zak] as a router, a DNS resolver, and more- what more can you ask for from an experimental project?
We like projects where old gear is given a new life. [Splashdust] has a twenty-year old business firewall that’s build like a tank. He cracks it open and finds a complete x86 embedded motherboard inside, and sets off to restore it and turn it into a retro gaming computer (see the video from his Odd & Obsolete YouTube channel below the break).
This business firewall and router box is from a small Swedish firm Clavister, part of their S-Series from the early 2000s. The motherboard appears to be a generic one used in other equipment, and is powered by a VIA Eden ESP 4000 running at 400 MHz. The Eden line of x86 processors were low-power chips targeting embedded applications. The graphics chip is a Twister T by S3 Graphics which was purchased by VIA in 2000. After replacing the electrolytic capacitors, and making a few cables, [Splashdust] pops in a PCI sound card and boots up into Windows 98 from a CF card (we like the compact PCB vise he uses).
In two follow-up videos (here and here), he builds an enclosure (instructions on Thingiverse) and tries out several other operating systems. He was able to get the Tiny Core Linux distribution running with the NetSurf browser, but failed to get Windows 2000 or XP to work. Returning to Windows 98, he tweaks drivers and settings and eventually has a respectable retro-gaming computer for his efforts. The next time you’re cleaning out your junk bins, have a peek inside those pizza-box gadgets first — you may find a similar gem.
Those who have children of their own might argue that the youth of today are getting far too much internet time. [Nick] decided to put an emergency stop to it and made this ingenious internet kill switch to threaten teenagers with. Rather unassuming on the outside, the big red button instantly kills all network traffic as soon as you push it down, doing its label justice. Reset the toggle button, and the connection is restored, simple as that.
In order to achieve this, [Nick] fit inside the enclosure a Raspberry Pi Zero W, along with a battery and a wireless charging circuit for portability and completely wireless operation. The button is wired into the Pi’s GPIO and triggers a command to the router via SSH over WiFi, where a script listening to the signal tells it to drop the network interfaces talking to the outside world. It’s simple, it’s clean, and you can carry it around with you as a warning for those who dare disobey you. We love it.
It seems the older I get, the density of broken and/or old laptops on my garage grows. That’s one of the reasons it’s interesting to know which projects are being made to bring back to life these things. [zigzagjoe] sent us an interesting project he made out of a Lenovo Yoga 2 motherboard: a pfsense router/firewall.
The laptop was damaged, but the main board was functioning just fine. What started as adding an old Pentium heatsink to it and see how good it would work, escalated to a fully working, WiFi, 4 port gigabyte NIC, 3D printed case firewall. The board had PCI-E via an M.2 A/E key slot for the WiFi module but [zigzagjoe] need a normal PCI-E slot to connect the quad-port NIC. He decided to hand solder the M.2 A/E (WiFi card) to have a PCI-E 1x breakout since his searches for an adapter came out empty or too expensive. For storage, he chose 16GB SanDisk U100 Server half-slim SSD for its power efficiency. Once again, the SSD cable had to be hacked as the laptop originally used a super-slim HDD with a non-standard connector. The enclosure was then designed and 3D printed.
But [zigzagjoe] went further to optimize his brand new router/firewall. On the project documentation, we can see a lot of different modifications went into building it, such as bios modification for new WiFi modules to work, an Attiny85 fan driver for extra cooling, a 45W PSU inside the case and other interesting hacks.
This is not your typical laptop to firewall hack, that’s for sure.
Researchers in the past have exfiltrated information through air gaps by blinking all sorts of lights from LEDs in keyboards to the main display itself. However, all of these methods all have one problem in common: they are extremely noticeable. If you worked in a high-security lab and your computer screen started to blink at a rapid pace, you might be a little concerned. But fret not, a group of researchers has found a new light to blink (PDF warning). Conveniently, this light blinks “randomly” even without the help of a virus: it’s the hard drive activity indication light.
All jokes aside, this is a massive improvement over previous methods in more ways than one. Since the hard drive light can be activated without kernel access, this exploit can be enacted without root access. Moreover, the group’s experiments show that “sensitive data can be successfully leaked from air-gapped computers via the HDD LED at a maximum bit rate of 4000 bit/s (bits per second), depending on the type of receiver and its distance from the transmitter.” Notably, this speed is “10 times faster than the existing optical covert channels for air-gapped computers.”
We weren’t born last night, and this is not the first time we’ve seen information transmission over air gaps. From cooling fans to practical uses, we’ve seen air gaps overcome. However, there are also plenty of “air gaps” that contain more copper than air, and require correspondingly less effort.
When you want to protect a computer connected to the Internet against attackers, you usually put it behind a firewall. The firewall controls access to the protected computer. However, you can defeat any lock and there are ways a dedicated attacker can compromise a firewall. Really critical data is often placed on a computer that is “air gapped.” That is, the computer isn’t connected at all to an insecure network.
An air gap turns a network security problem into a physical security problem. Even if you can infect the target system and collect data, you don’t have an easy way to get the data out of the secure facility unless you are physically present and doing something obvious (like reading from the screen into a phone). Right? Maybe not.
Researchers in Isreal have been devising various ways to transmit data from air walled computers. Their latest approach? Transmit data via changing the speed of cooling fans in the target computer. Software running on a cellphone (or other computer, obviously) can decode the data and exfiltrate it. You can see a video on the process below.