Understanding the risks
What are the threats?
EDID attacks
Modern display interfaces, such as HDMI, DVI, or DisplayPort, currently represent an underestimated attack surface, particularly through data manipulation EDID (Extended Display Identification Data).
Research conducted by security teams has shown that malformed or deliberately altered EDIDs can exploit vulnerabilities in graphics drivers, cause abnormal behaviors, or trigger memory overflows.
Moreover, the auxiliary channels integrated into these interfaces — such as I²C (DDC/CI) or CEC — can be abused to interact directly with a system or remotely manipulate certain display parameters.
This reality now positions screens and their connections as potential intrusion vectors, justifying increased attention in any physical or hardware security strategy.
HID attacks
The HID attacks exploit the implicit trust that systems place in standard input devices such as keyboards and mice.
By masquerading as a legitimate HID device, a malicious USB device can automatically execute a sequence of keystrokes or commands as soon as it is connected, thereby bypassing security policies applicable to traditional storage devices.
These attacks, made famous by devices such as theUSB Rubber Ducky, allowing for the rapid injection of malicious payloads, opening remote sessions, or compromising a system without user interaction, thanks to keyboard emulation recognized by default by operating systems.
Their effectiveness relies on execution speed, the ability to bypass traditional protections, and the difficulty for both the user and security solutions to distinguish a tampered HID device from an authentic device.
This is thus a particularly dangerous intrusion vector, capable of bypassing antivirus, USB filtering, or other control mechanisms, as highlighted by studies describing their operation and operational impact.
What are the standards and how to secure your system?
Thezoningconsists of segmenting a system intodistinct security zones, each grouping assets that share a level of criticality and homogeneous protection requirements. This structural principle aims tolimit the spread of a compromise, by requiring that all inter-zone communications pass throughcontrolled conduits, filtered and monitored.
The IEC 62443 standard
The standardIEC 62443directly formalizes this model: segmentation intozones and conduitsis a central element of the secure architecture of industrial systems, explicitly described in its systemic requirements. This approach is part of the philosophy ofdefense in depth.encouraged by the standard, which recommends securing each subset independently rather than relying on a single perimeter barrier.
The IEC 15408 standard
Zoning also resonates in the standardsIEC 15408 / Common Criteria, used in particular to certify equipment handling multiple security domains: the NIAP protection profiles (based on IEC 15408) indeed impose astrict isolation between networks or classification levels, in order to prevent any data leakage or cross-contamination, particularly in switches and device sharing equipment.
NIAP Profile PP4.0
TheNIAP Protection Profile 4.0 (PSD v4.0)defines the security requirements for device sharing devices (including secure KVMs), to ensure that no data can flow between computers via these devices, imposing strict isolation, unidirectional flows, and protections against sabotage or information leakage.
EAL4+
EAL4+ is a level of assurance of the Common Criteria that guarantees that a product has undergone thorough testing, analysis, and verification, offering one of the highest levels of trust achievable for commercial solutions.
Tempest
The TEMPEST standard encompasses tests aimed at preventing any information leakage via the electromagnetic emissions of equipment, in order to avoid electronic eavesdropping.
TAA / BAA compliance (USA)
TAA/BAA compliance requires that equipment sold to U.S. federal agencies be manufactured in approved countries or in the United States, ensuring controlled and qualified origin of the products.