← Back to context

Comment by felooboolooomba

13 hours ago

> A monitor cannot install software on your computer by the way.

I think everyone in the HN crowd knows that.

> the blame should be on Microsoft

No, they blame should ALSO be on Microsoft, they are the enablers.

> I think everyone in the HN crowd knows that.

I actually did not. I know there is some degree of two-way communication over HDMI/DP, and was curious if this was how the software was installed. I think discussing the technical details is a great use of the HN comment section.

(Wifi enabled display device -> HDMI -> Device) would be an incredibly interesting attack vector.

“I think everyone in the HN crowd knows that.”

I would think everyone in the HN crowd would be aware of HEAC, the hdmi Ethernet channel, etc.

With full access to the hosts tcp/ip stack, we’d do well not to overlook the potential vectors for a monitor to install software on your computer… especially when the operating system is complicit.

Ok, I don't use Windows and never will, so wasn't aware of this feature, and it would've been nice to have that context. Thought maaybe LG is exploiting a vuln in Windows via USB-C or over one of the niche HDMI features, but gathered it's not that.