2

I have to give a presentation at my university. In the room where I'm going to give the presentation, there is a projector with a HDMI, Display Port, or USB connection. I will have to plug one of them into my laptop.

My question: Could my laptop be infected with malware via one of these connectors? It should be noted that there are probably a lot of other students that have already used them, so the probability that they have already been connected to an infected device is probably quite high.

schroeder
  • 123,438
  • 55
  • 284
  • 319
auto_driving_q
  • 43
  • 3
  • Can a projector be infected or host a malware ? – elsadek Jul 26 '22 at 05:12
  • The answer is yes. It’s possible. But the type of organization or individual that can pull off such an attack are unlikely to target people indiscriminately. Why do you specifically feel that this device in this classroom is going to be used for such an attack against you? – RibaldEddie Jul 26 '22 at 05:23
  • Just use DisplayPort if you can, HDMI otherwise. You'll be fine. – A. Hersean Jul 26 '22 at 11:35
  • Relevant: https://security.stackexchange.com/questions/258000/how-evil-could-an-hdmi-vga-adapter-be – schroeder Jul 26 '22 at 16:25

3 Answers3

2

Yes, but it is probably irrelevant.

From the connectors, at least USB is dangerous. It does not only allow many different types of possibly dangerous access like DMA, but there are also devices which, for example, emulate a keyboard and start to type malicious commands as soon as you plug them in.

But it is very unlikely that the projector uses such an attack. The projector itself is probably harmless (when it was bought), otherwise other people would already have complained. I am also not aware of any projector that had malicious firmware.

The question if it can be infected is an interesting one as many modern devices run actual operating systems. It wouldn't be that unlikely that a projector may have an Android system that allows to present slides without plugging in a computer, and such a system can be vulnerable.
But I am also not aware of a malware that first infects an Android (on the device) and then tries to infect computers that are connected to the device. It could also be possible using USB-OTG mode, but very unlikely to find in the wild.

The bottom line is, that I would trust a projector in an university not to infect my device.

allo
  • 3,173
  • 11
  • 24
2

It is possible maybe, but I would rate the probability that it is indeed infected as very low. The USB is also probably the only viable attack vector. Also, I have never seen an infected projector.

This would be a highly custom attack. Which will have quite a bad cost/benefit to an attacker. To do such an attack, I would believe that you would need to buy the projector. Then create and test a Malware for it and then somehow be able to bring it to the installed projector. In the end, from the point of view of the attacker, he would just have created an expensive and time costly one time use malware. You can't easily spread it unless everybody uses said projector and you still need to go to every projector one by one as a human malware carrier (not efficient for infection rate over time).

Bottom-line I'd be more careful about usb-drives (thumb drives), random keyboards, maybe usb-cables in public. They can and are used for malicious purposes. But you can trust your projector at School.

AnafiFlyer
  • 21
  • 2
1

Not all of these can spread malware, so I am not sure why others have not been clear about HDMI.

From the three pieces of tech you asked about.

  1. HDMI will not transfer malware.
  2. Display ports such as thunderbolt can since it transfers data.
  3. USB can also transfer data such as malware.

If security is your concern go with HDMI.

moo
  • 67
  • 9