Is it possible to detect that any HDMI/DVI video grabber is attached?

[eiger5678]

Hi,
hope you don't mind asking this question here - I am not interested in capturing but rather in preventing capture, or more realistically, at least detecting that screen is captured. I was a bit desperate where to ask, an this forum seems to attract the right crowd.

Is there a possibility to recognize legitimate external monitor from illegitimate video grabber?

We are a small IT company, potentially dealing with sensitive data, no top secrets but still. We would like to enable employees to work from home, connecting to their desktop using some remote desktop system.

I am fully aware that 100% securing is impossible but I would like to try to do maximum to prevent unauthorized content copying.

I thing there is good chance to detect software screen capturing, assuming I can ban virtualization and effectively enforce that; assume smart IT guys, they will not reach for PrintScreen they will go hardware.

I am especially worried by latest generation of external hardware screen recorders, HDMI/DVI video grabbers like Epiphan System AV.io or Elgato Game Capture. They offer even lossless video grabbing! They are expensive, yes, but not prohibitively. Is there any chance to detect them?

Do you know HDMI/DVI sends some data back? Assume acting as output only connectors. Even plain old VGA connector send some data back, like resolutions supported by the attached monitor. So I am a bit hopeful that there might be a way, a communication pattern, potentially signalling attached grabbing device.

Assume employees, for which working from home is rather a privilege, so they would put up with some restrictions. Like ban to use virtualization. Or install daemon/service to check compliance with rules (ie video grabber attached) periodically checking that the daemon is running. I cannot ban HDMI/DVI as not everyone is on laptop, some do need external monitors.

Thank you

[aedipuss]

illegitimate video grabber? LOL. hire employees that aren't off the most wanted list and pay them well so they like and support your company. dvi is one directional, hdmi can return audio using arc. even hdcp can be defeated using strippers that can remove the hdcp information from the video signal so the video can play on non-hdcp-compliant displays.

[Bjs]

No period ... but then you can make it right pain in the backside.

1: Supply hardware with external image ports physically disabled (including usb ports) cancels out externally connected recorders / displays
2: Some anti glare screens make capturing clean images from camera devices almost impossible.
3: Security software with rules covering clipboard monitoring.
4: Method to secure gpu hardware whilst working with sensitive data via remote to prevent gpu cloning (both hardware and software)
5: Contract with surveillance at home office when accessing data

After that its keep that data locked up on site.

[eiger5678]

Thank you Bjs
you made a few good points, let me address them:

Taking pictures from screen by camera. It is often cited as the ultimate proof of that protecting visual content is impossible. Yes it is undetectable but also gives very poor results. It is surprisingly it is more difficult that imagined. Even without anti-glare filters. How do I know? I tried myself I fiddle with a setup for hours, using semi-pro equipment, being myself a DSLR hobbyist, using several laptops, but still too many artifacts, blurring of edges, visible screen RGB components, strange "waves", everything is so sensitive. Results when run through OCR had too many issues. To steal few pages - yes; to steal lost of research data - no. To steal a lots of precise text & numerical data would require very, very determined person with lots of time to his disposal. My verdict - I can live with risks here.

And here where external video grabbers come on the scene - they had none of issues described above, notably the lossless and they are - and that is core of my question - probably undetectable!

Let me put this straight - my concern is not to BLOCK, I am realistic enough, my concern is to DETECT that someone is most/quite probably screen grabbing. And then just keep an eye on him/her. Not allow him/her to work from home for some time, not entrusting such person with the most sensitive data etc. Cheap and effective solution!

So is how to detect video grabbers? From what I remember from linux tools, like dmesg, most devices these days communicate with the PC, especially USB devices, they tell you who they are and what they do, what protocols they support etc. Even analog (dumb) VGA port gives feedback in form of what frequencies and resolutions attached screen supports.

No external dongle it seems is purely input only, always sends some "echoes" back. Everything seems to be detectable then. But I am not sure with output DVI/HDMI ports generally, and specially in connection with the screen recorders.

Supply hardware with external image ports physically disabled (including usb ports) cancels out externally connected recorders / displays

Yes, that is a backup plan. Problem is, it is the most expensive option. If I had a budget for it, that would be my preference. It can be circumvented too, but again, it would require a very determined person.

Security software with rules covering clipboard monitoring.

Sure. That I can be achieved, to DETECT, not necessary prevent, but detected it can be - with some voluntarily installed daemons, yes, I quite positive here.

Some anti glare screens make capturing clean images from camera devices almost impossible

As I wrote above, taking pictures with external camera is not my main concern.

After that its keep that data locked up on site.

Certainly. The cheapest option. For most sensitive data, the only one. No doubts about it.

[badyu17]

Easy, don't allow them to work from home if you are that concerned. Other than that, signing NDA papers, some legal threat?

[sum_guy]

In any endeavor for better security, there is only so much you can do, often based on what you can budget, a determined individual with enough time and fortitude can break all but the impossible. We (where I work) have determined you have to assume there is no security and that you will eventually deal with someone or some entity that will get past your security.