1

Been given a smart tv that used to be used as display connected to a pc with a HDMI cable, now I'm using it as a display as well, over HDMI too.

I was thinking maybe when connected to a network or inserted an usb into the smart tv it could get infected, but what about when connected over HDMI cable?

As far as I know HDMI only transfers video and audio, but I think theorically it could transfer "raw data", not sure here, so how come my computer can identify the smart tv, brand and model, if only video and audio is being sent?

Also, how much of a risk would using it be given if one computer has some malware on it?

To clarify, I mean using this TV as a display with one computer at once.

Thanks in advance

Ezio Reina
  • 11
  • 1

1 Answers1

1

It is theoretically possible for a TV to get malware (either from the internet or a computer connected to it), and then for the TV to exploit a vulnerability in your computer's firmware, display drivers, or some other component it can talk to over HDMI (see @Esa Jokinen's comment about Ethernet over HDMI).

However, such malware would likely need to exploit multiple zero day vulnerabilities across different products in order to pivot in this way, and thus would probably be a very targeted and rare attack.

I do not think this is something the average person needs to worry about.

multithr3at3d
  • 12,355
  • 3
  • 29
  • 42
  • Then I guess it's unlikely the average garbage one come across (when watching movies in streaming in those webs withs hunders of pop ups and such, for example) can do such a thing. – Ezio Reina Dec 12 '20 at 23:13
  • Extremely unlikely... Yeah... But... Zero days? Why? How often do you expect old TV's without network connections to get firmware updates? – svin83 Dec 14 '20 at 07:10
  • @svin83 Yes, most likely would require zero days against the computer. For TV updates, maybe never, indeed, and there could be CVEs for it as well. But are the malware authors really going to do research and development on every single possible model/version of TV? – multithr3at3d Dec 14 '20 at 12:19
  • @multithr3at3d It would also require a the computer to have HDMI ports that can physically accept data... Most Graphics cards won't forward anything to the chipset, and most motherboards wouldn't accept CEC or Ethernet control data from a GPU so I would not call a TV dangerous... Unless it is an old "Smart" TV connected to your LAN... That's way worse... – svin83 Dec 14 '20 at 14:06