4

Somewhat related to Is malware or screen capture possible with iMac as external display?, where we investigate the possibility of a DMA attack through DisplayPort, nowadays, many machines don't even have a dedicated port for connecting an external display, but instead of rely on a single USB Type-C port type to accommodate both in and out power delivery and charging, as well as networking, external display graphics (through DisplayPort or HDMI Alternate Mode), as well as the plain-old USB.

With the advice against using USB ports in airports finally becoming mainstream now in 2019 — https://www.zdnet.com/article/officials-warn-about-the-dangers-of-using-public-usb-charging-stations/ — what are you supposed to do as an end user to use an external display? Do manufacturers do any sort of threat modelling here, or are we supposed to assume that noone would spend the time to develop fully functional malware infecting computers and networks of speakers at various conferences?

Is the best practice now to outright refuse giving a presentation from your own laptop in auditoriums where the laptop and the external monitor equipment have distinct owners? Or is there a way to protect yourself from being potentially exposed thanks to such a versatile port as USB Type-C?

schroeder
  • 123,438
  • 55
  • 284
  • 319
cnst
  • 1,884
  • 2
  • 19
  • 30
  • There's also a follow-up question that's limited specifically to the connector and adapters — https://security.stackexchange.com/q/221836/16831 – cnst Nov 25 '19 at 22:07
  • 1
    "Do manufacturers do any sort of threat modelling here" -- there is no single answer to that, and any answer does not affect your question. The second part does not follow the first. – schroeder Nov 26 '19 at 07:54
  • 2
    Your two questions boil down to a very simple, and on-topic, question: How can we protect ourselves from infected or malicious hardware using USB-C? – schroeder Nov 26 '19 at 07:56

1 Answers1

0

You could disable removable storage devices using group policy while still allowing the other devices such as monitors to function. I believe this is something similar to what we do: https://serverfault.com/questions/576768/disable-usb-mass-storage-access-on-client-machines

  • The target audience is probably MacOS users; most Windows laptops have dedicated HDMI ports in addition to USB Type-C. – cnst Nov 25 '19 at 23:45
  • Gotcha. We use port replicators through USB-C that two monitors connect to using display port. Then disable anything storage related including CD/DVD drives. – GSCodeMan Nov 25 '19 at 23:48