UK spy agency releases malware-blocking gadget for HDMI and DisplayPort cables — SilentGlass blocks malicious traffic traveling between display and computer

SilentGlass malware-over-HDMI/DP blocker — (Image credit: NCSC)

The UK’s Government Communications Headquarters (GCHQ), a counterpart to the U.S.’s National Security Agency (NSA), just launched SilentGlass through the National Cyber Security Center (NCSC). This little gadget was announced during CYBERUK, a government-sponsored cyber security conference, and is designed to block malicious traffic traveling between a display and a PC. According to the NCSC, it built and designed this plug-and-play device to protect government estates and has been “approved for use in the most high-threat environments.”

The government has since licensed the design to Goldilock Labs, a UK-based cybersecurity firm that specializes in hardware that automatically cuts physical connections during a cyberattack, limiting potential damage to a network. It has partnered with Sony UK Technology Center to make the product available globally, although the firm has yet to put the product publicly available on the market.

“Display screens and monitors are everywhere in modern business environments, and the SilentGlass device will help protect previously vulnerable IT infrastructure with unprecedented ease,” NCSC Chief Technology Officer Ollie Whitehouse said, “Its development and commercialization show the impact that the NCSC can have, alongside industry partners, with an affordable and effective product now globally available.” Goldilock Labs co-founder Stephen Kines also said, “SilentGlass addresses a gap that has been widely overlooked. The hardware interfaces people rely on every day have rarely been treated as security boundaries, despite being exposed to risk through supply chains, third-party servicing, and direct physical access.”

Latest Videos From

While SilentGlass is an interesting security device, some information security experts question the actual need for it. Cybersecurity expert Scott McGready said on X, “Can anyone genuinely tell me what risk this is addressing or is it a solution in search of a problem?” After all, most common cyberattacks do not use video signals as an attack vector. Nevertheless, that does not mean that it’s impossible to take advantage of HDMI and DisplayPort to exfiltrate information.

Way back in 2020, a research paper revealed a technique which subtly changed monitor brightness to steal data from air-gapped PCs, while a more recent study showed that AI can use signals leaking from HDMI cables to reconstruct what the target computer is displaying. These aren’t likely problems for the billions of home and office computers around the globe, as these techniques are complicated and would often cost more to deploy than the potential data they can gather from the average civilian.

However, these vulnerabilities could be potential weak links in the security of government agencies and defense companies that deal with sensitive information. This makes them targets for nation-states who have the means and resources to use these attack vectors. The UK government has reportedly deployed this little gadget in some of its computers, and it’s now making it available for anyone else to purchase. We don’t have pricing for SilentGlass yet, but this likely won’t interest the average PC user. But for users who deal with state secrets and confidential technologies, this gadget could potentially protect their systems from a potential vulnerability that will most likely be used by technically advanced adversaries.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.

TOPICS

Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.

6 Comments Comment from the forums

bit_user

The article said:
“Can anyone genuinely tell me what risk this is addressing or is it a solution in search of a problem?”
HDMI and DisplayPort both support upstream data traffic. Based on their description, I'd guess the point of the device is to block that.

Otherwise, a compromised monitor could be used in a supply-chain attack on air-gapped systems. It's like plugging in a compromised USB stick, but most people don't see it that way.
Reply
chaz_music

The security issue is on both directions, as @bit_user commented. I have personally seen some TV's that were behaving badly (compromised?) as well as set-top boxes. So any of the digital video cables/protocols could be an issue (HDMI, Display Port, DVI, Thunderbolt, USB). I think one of the earliest TV/monitor companies to get caught sending screen images back to corporate servers was Vizio. By now, I would expect more to be trying that. The Roku boxes share something with their mother-ship to send you ads base upon what you watched. But I think most of those devices do that now.

I would also expect anything attached to a TV/monitor with a CPU could be an attack vector: gaming box, peripheral, display, any HMI device in general, digital based stereo/amp, MP3 player, phone, etc. Does anyone remember the Sony rootkit days ~ circa 2005? That was very profound corporate based hacking, and I stopped buying all Sony products.
Reply
Notton

I saw this and was confused.
I read the article and now I am even more confused.

Also, did AI write this article? It was a tofu dreg of words and didn't explain anything meaningful.
In fact, the article could have easily been surmised as: "UK spy agency invents something stupid for a problem that doesn't exist, and we have no idea why, or what it actually does."
Reply
Penfolduk

Firstly, it is a viable risk. But, as the article points out, difficult to exploit. Most hackers would go for lower hanging fruit for their attack vectors.

But the more organised ones, mainly State Actors, would have the resouces to exploit it. So, as the article explains, it's meant for ultra-sensitive information uses.

A bit like no one thought the air-bricked Iranian uranium centrifuges were vulnerable until Stuxnet showed they were. And all that needed to be blocked was disabling the USB ports...
Reply
Tomdee1776

This is similar to the Tempest program back when CRT monitors were in use. Someone could sit outside a building with the appropriate antenna and monitor and reproduce everything that was being displayed on the remote CRT monitor. That's why the NSA building in Maryland had green windows due to all the shielding in the glass. Pretty color too! Cheers
Reply
AkroZ

I have read the official article and it's even more confusing and seems like a scam / spyware: the product target laptops where someone can plug a monitor and could see by example personal informations. This device address the issue in filtering the signal to not have more than the protocole.
If genuine it's most likely just a repeater, you can do the same thing with a cheap sound bar with an hdmi in and out. It will not protect against the attack vectors discussed, it will just avoid an infected laptop and monitor to communicate with something else than hdmi or display port protocol... (if you plug in).
Reply

Show more comments

Unparalleled insights. Industry analysis. Insider access.