NCSC and Goldilock Labs Launch 'SilentGlass' to Secure Vulnerable Monitor Connections

Executive Summary

The UK's National Cyber Security Centre (NCSC), a part of GCHQ, has taken a novel step into hardware security by developing and licensing its first intellectual property, a device called SilentGlass. This 'plug-and-play' tool is designed to mitigate a specific and often-overlooked threat: cyberattacks conducted through computer monitor connections such as HDMI and DisplayPort. The device acts as a hardware-based data diode, physically ensuring that only a one-way flow of video signals can occur, thereby blocking any potential for data exfiltration or command injection through the display interface. The NCSC has licensed the technology to Goldilock Labs for commercial production, targeting government agencies, critical infrastructure, and security-conscious enterprises.

Threat Overview

Modern computer monitors are no longer simple display units; they are complex devices with their own firmware and processing capabilities. This complexity creates a new attack surface. The NCSC warns that threat actors can exploit vulnerabilities in the firmware of monitors or the protocols used by HDMI and DisplayPort to conduct attacks. These attacks could include:

• Espionage: Capturing screenshots or video output directly from the video stream before it is encrypted by software.
• Network Intrusion: Using a compromised monitor as a pivot point to inject malicious commands or data back into the connected computer, potentially bypassing software-based security controls.
• Data Exfiltration: A compromised monitor could be used to exfiltrate data over a covert channel, separate from the main computer's network stack.

SilentGlass is designed to physically sever any potential bidirectional data channel, addressing the threat at the hardware layer. It enforces a one-way data flow from the computer to the monitor, making it impossible for the monitor to send data back to the computer.

Technical Analysis

SilentGlass is essentially a specialized hardware firewall or data diode for video signals. Its core function is to break all data-carrying pins within an HDMI or DisplayPort cable except for those required for video and audio transmission. This prevents techniques like:

• Hot Plug Detect (HPD) Exploitation: Manipulating the HPD signal to trigger malicious actions in the host operating system's graphics driver.
• I2C/DDC Bus Hijacking: The Display Data Channel (DDC) is a low-bandwidth, bidirectional bus used for identifying the monitor's capabilities. An attacker could use this channel to send malicious data back to the host. SilentGlass physically severs this connection.
• USB-C/Thunderbolt Exploitation: While focused on HDMI/DisplayPort, the principle extends to more complex connectors like USB-C that can carry display signals alongside other data. In these cases, a device like SilentGlass would ensure only the DisplayPort Alternate Mode pins are active and unidirectional.

This approach aligns with the MITRE ATT&CK technique T1200 - Hardware Additions, but from a defensive perspective, preventing a malicious hardware component (the compromised monitor) from affecting the host system.

Impact Assessment

For most organizations, the threat of an attack via a monitor connection is low but high-impact. However, for government, defense, and critical infrastructure sectors handling highly sensitive information, this is a significant threat vector for espionage. The commercial availability of SilentGlass provides a tangible, verifiable countermeasure for these high-security environments. It represents a strategic shift towards securing the physical layer of IT infrastructure, which is often assumed to be trusted. The partnership between a national cybersecurity agency (NCSC) and a commercial company (Goldilock Labs) is also a notable model for bringing government-developed security technology to a wider market.

Detection & Response

SilentGlass is a preventative control, not a detection tool. However, detecting the underlying threat it mitigates would require highly specialized techniques:

• Firmware Analysis: Periodically dumping and analyzing the firmware of monitors and other peripherals to look for modifications or implants.
• Signal Analysis: Using specialized hardware to monitor the electrical signals on HDMI/DisplayPort cables for anomalous data not conforming to the video signal specification.

These methods are generally beyond the capabilities of most organizations, which is why a preventative hardware solution like SilentGlass is being promoted.

Mitigation

• Deploy Hardware-Based Protectors: For high-security environments, deploy devices like SilentGlass on all connections to external peripherals, especially displays.
• Supply Chain Security: Procure monitors and other peripherals only from trusted, vetted manufacturers. Be wary of devices sourced from unknown or untrusted suppliers.
• Physical Security: Maintain strong physical security controls to prevent unauthorized access to workstations, which could allow an attacker to tamper with or replace peripherals.
• Network Segmentation: Even if a host is compromised via a peripheral, strong network segmentation can limit the attacker's ability to move laterally and access other parts of the network. This is a key principle of D3FEND's Network Isolation (D3-NI).