The Monitor Control Command Set (MCCS) is a ubiquitous standard used on display monitors everywhere. It was originally meant to allow user-mode software to control simple settings like brightness and contrast, but vendors have added proprietary extensions to enable complex features such as anti-theft, multi-monitor overlays, and more.
The secret to this functionality lies in a select range of 32 bytes defined in the VESA MCCS Standard for manufacturer-specific control codes. These control codes allow manufacturers to support proprietary and non-standard features that can be controlled over MCCS.
However, providing "a standard way to do non-standard things" is a recurring weakness in common standards due to a lack of scrutiny and poor documentation. Despite the standard's warnings about the risks of overusing these control codes, manufacturers have pushed the limits of this loophole beyond what was originally intended.
Despite the physical security boundary of monitors, there is still an inherent trust in supposedly "dumb" hardware. On the other hand, display monitor client software is often automatically installed as part of trusted applications and driver installations. How secure is this arrangement? Could plugging into a display monitor lead to an exploit on your computer, and vice versa?
In this presentation, I will dive into the MCCS standard and the communication protocols that enable display monitor usage in millions of devices today. I will discuss interesting vulnerabilities in manufacturer-specific control code implementations and unusual features in both software clients and display monitors. In addition, I will demonstrate the methodology used to reverse-engineer these proprietary implementations and uncover hidden or undisclosed features. Finally, I will share new tools to fuzz and dynamically test MCCS implementations over the wire and locally.
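As an added illustration (not code from the talk or its tools), the sketch below inventories which manufacturer-specific control codes a monitor advertises by parsing its DDC/CI capabilities string. It assumes the manufacturer-specific block is VCP codes E0h to FFh (the 32 codes mentioned above) and the usual `vcp(...)` group layout; the sample string and all function names are constructed for this example.

```python
import re

# Assumption: the 32 manufacturer-specific VCP codes are E0h-FFh.
MFR_RANGE = range(0xE0, 0x100)

# Constructed sample capabilities string (not captured from a real monitor).
SAMPLE_CAPS = ("(prot(monitor)type(lcd)model(EXAMPLE)cmds(01 02 03 07 0C E3 F3)"
               "vcp(10 12 14(05 08 0B) 60(0F 11 12) D6(01 04) E0 E1(00 01) F5 FF)"
               "mccs_ver(2.1))")

def extract_group(caps, key):
    """Return the text inside key(...), honouring nested parentheses."""
    m = re.search(r"(?<![A-Za-z_])" + re.escape(key) + r"\(", caps)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(caps)):
        if caps[i] == "(":
            depth += 1
        elif caps[i] == ")":
            depth -= 1
            if depth == 0:
                return caps[start:i]
    raise ValueError(f"unbalanced parentheses in {key}(...)")

def parse_vcp(caps):
    """Map each advertised VCP code to the enumerated values listed for it."""
    body = extract_group(caps, "vcp")
    if body is None:
        return {}
    codes, current, depth = {}, None, 0
    for tok in re.findall(r"[0-9A-Fa-f]{2}|[()]", body):
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
        elif depth == 0:            # top level: a VCP code
            current = int(tok, 16)
            codes[current] = []
        elif current is not None:   # inside parentheses: a value of that code
            codes[current].append(int(tok, 16))
    return codes

def manufacturer_specific(caps):
    """Return only the advertised codes that fall in the vendor-defined block."""
    return {c: v for c, v in parse_vcp(caps).items() if c in MFR_RANGE}

if __name__ == "__main__":
    for code, values in sorted(manufacturer_specific(SAMPLE_CAPS).items()):
        print(f"VCP {code:02X}h  values={[f'{v:02X}' for v in values]}")
```

A capabilities string lists only what the monitor chooses to advertise, so an inventory like this is a starting point for review rather than a complete picture of what the firmware accepts.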
Eugene Lim is a security researcher and white hat hacker. From Amazon to Zoom, he has helped secure applications from a range of vulnerabilities. He seeks to improve application security and secure user data through collaborative security engineering.