The UK's National Cyber Security Centre (NCSC), a part of GCHQ, has developed and launched a hardware security device named SilentGlass. This plug-and-play tool is designed to mitigate the often-overlooked threat of cyber espionage and data exfiltration through video display connections like HDMI and DisplayPort. The device functions as a data diode for video signals, ensuring that only the intended display data can pass from the computer to the monitor, while actively blocking any other form of data transmission in either direction. The NCSC has already deployed this technology in high-threat UK government environments and is now commercializing it through a partnership with Goldilock Labs and the Sony UK Technology Centre to make it available to the broader public and private sectors.
Modern monitors are no longer simple display devices; they are complex systems with their own processors, memory, and firmware (System-on-a-Chip or SoC). This complexity creates a new attack surface. A compromised monitor could potentially:
Video interfaces like HDMI and DisplayPort include auxiliary data channels (e.g., DDC/CI, CEC, Ethernet over HDMI) that are designed for legitimate purposes like controlling monitor settings or network connectivity, but can be abused by attackers. SilentGlass is designed to completely sever these auxiliary channels, creating a one-way, video-only physical link.
SilentGlass is effectively a hardware-enforced data diode specifically for video signals. It sits physically between the host computer's video output and the monitor's video input.
Its operation is based on a simple but powerful principle: it only allows the unidirectional flow of pixels. The device physically lacks the circuitry to transmit data on the auxiliary channels of the HDMI or DisplayPort standards. This isn't a software block that could be bypassed; it's a physical hardware limitation.
T1114 - Email Collection, T1115 - Clipboard Data, T1113 - Screen Capture (Prevents a compromised monitor from exfiltrating this data).
T1094 - Custom Command and Control Protocol (Prevents use of video cable auxiliary channels for C2).
The development of SilentGlass addresses a niche but critical security gap, particularly for organizations handling highly sensitive information, such as government agencies, defense contractors, financial institutions, and R&D departments. For these organizations, the risk of a sophisticated hardware-based attack, while low in probability, is extremely high in impact.
By commercializing this technology, the NCSC is democratizing a high-assurance security control that was previously only available to nation-states. This allows corporations to protect themselves against advanced adversaries who might employ hardware-level attacks. The partnership with Goldilock Labs and Sony ensures that the device can be manufactured at scale and made available globally, raising the baseline for physical and hardware security in the private sector.
This article is about a defensive technology; there are no Indicators of Compromise.
This is a mitigation tool, not an attack. However, to identify systems that might need this protection, security teams could:
SilentGlass is a prevention and isolation tool. It doesn't detect attacks but rather makes a class of attacks impossible. The 'detection' is effectively the device blocking unauthorized data transfer by design. There is no response procedure other than noting that the security control worked as intended. Organizations deploying SilentGlass should document its presence in their system security plans and asset inventories.
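An added example (not NCSC or vendor code) of the asset-inventory step on a Linux workstation: it lists connected display connectors, identifies the attached monitor from its EDID block, and records whether the kernel exposes a DDC I2C channel for that connector. It assumes the DRM sysfs layout under `/sys/class/drm`, where the `ddc` link appears only with drivers that register it; the sample tree and EDID values are constructed.

```python
import os
import tempfile

EDID_HEADER = bytes.fromhex("00ffffffffffff00")

def parse_edid(blob):
    """Identify the monitor from a 128-byte EDID base block; None if invalid."""
    if len(blob) < 128 or blob[:8] != EDID_HEADER or sum(blob[:128]) % 256:
        return None  # truncated, wrong header, or bad checksum
    word = int.from_bytes(blob[8:10], "big")  # three 5-bit letters, 1 = 'A'
    vendor = "".join(chr(((word >> s) & 0x1F) + 64) for s in (10, 5, 0))
    return {"vendor": vendor,
            "product": f"{int.from_bytes(blob[10:12], 'little'):04x}",
            "serial": int.from_bytes(blob[12:16], "little")}

def inventory(drm_root="/sys/class/drm"):
    """List connected connectors, the attached monitor, and DDC exposure."""
    rows = []
    for name in sorted(os.listdir(drm_root)):
        base = os.path.join(drm_root, name)
        try:
            with open(os.path.join(base, "status")) as fh:
                connected = fh.read().strip() == "connected"
            with open(os.path.join(base, "edid"), "rb") as fh:
                blob = fh.read()
        except OSError:
            continue  # cardN / renderDN nodes are not connectors
        if connected:
            rows.append({"connector": name, "monitor": parse_edid(blob),
                         "ddc_exposed": os.path.lexists(os.path.join(base, "ddc"))})
    return rows

def build_sample_tree():
    """Constructed sysfs-like tree (not real hardware data) so this runs offline."""
    edid = bytearray(128)
    edid[:8] = EDID_HEADER
    edid[8:10] = ((24 << 10) | (25 << 5) | 26).to_bytes(2, "big")  # vendor "XYZ"
    edid[10:12] = (0x1234).to_bytes(2, "little")
    edid[12:16] = (42).to_bytes(4, "little")
    edid[127] = -sum(edid[:127]) % 256  # checksum byte: block sums to 0 mod 256
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "card0"))  # GPU node without a status file
    for name, status, blob, ddc in [("card0-HDMI-A-1", "connected", bytes(edid), True),
                                    ("card0-DP-1", "disconnected", b"", False),
                                    ("card0-DP-2", "connected", b"\x00" * 128, False)]:
        base = os.path.join(root, name)
        os.makedirs(base)
        with open(os.path.join(base, "status"), "w") as fh:
            fh.write(status + "\n")
        with open(os.path.join(base, "edid"), "wb") as fh:
            fh.write(blob)
        if ddc:
            os.symlink(root, os.path.join(base, "ddc"))  # stand-in for the i2c link
    return root

if __name__ == "__main__":
    for row in inventory(build_sample_tree()):
        print(row)
```

A connected connector whose EDID fails validation is reported with `monitor` set to `None`, which is worth a manual check before the asset record is finalized.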
SilentGlass is itself a mitigation control. It is designed to be a simple, robust, and foolproof way to secure the physical link between a computer and its display.
This tool is a prime example of Security by Design, removing the possibility of an attack vector through physical hardware constraints rather than relying on software that can be subverted.
D3FEND Techniques:
D3-IOPR: IO Port Restriction: This is a hardware implementation of I/O port restriction, specifically for the non-video channels of a display interface.
SilentGlass is a physical device that limits the functionality of hardware (display ports) to prevent abuse.
Mapped D3FEND Techniques:
This tool provides a form of micro-segmentation at the physical layer, isolating the video data stream from any other potential data channels.
SilentGlass is a perfect, hardware-enforced implementation of I/O Port Restriction. For organizations handling highly sensitive data—such as defense, intelligence, or critical R&D—the risk of a compromised peripheral device cannot be ignored. The recommendation is to deploy SilentGlass on any workstation or in any conference room where classified or business-critical information is displayed. This is not a solution for every desktop, but a targeted control for high-value assets. By inserting SilentGlass between the computer and the monitor, the organization physically severs any potential command-and-control or data exfiltration channel that could be hidden in the auxiliary data streams of HDMI or DisplayPort. This provides a high level of assurance against sophisticated hardware-level attacks (e.g., a maliciously modified monitor) that would be invisible to traditional EDR or network security tools. It is a simple, non-configurable, and therefore highly reliable, security control.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.