computer monitor hack
By Gmechu Taye—
Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked.
You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen.
Although changing pixels is really hard and complicated, a team of security researchers at this year’s DEF CON says that it is not impossible.
Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images.
You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen.
Although changing pixels is really hard and complicated, a team of security researchers at this year’s DEF CON says that it is not impossible.
Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images.
How to Hack Computer Monitors?
According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display.
The duo said they discovered the hack by reverse-engineering a Dell U2410 monitor, though it was not an easy process, as it took over two years.
In the process, the pair found out that Dell had not implemented any security measures with regard to the process to update the display controller’s firmware, which allowed for this hack.
This means that anyone with malicious intent and access to the monitor’s USB or HDMI port would be able to hijack monitor — which involves injecting malicious firmware with the help of a drive-by attack — as well as manipulate the on-screen pixels.
The researchers developed a working exploit, saying "We can now hack the monitor and you shouldn’t have blind trust in those pixels coming out of your monitor."
How Dangerous could the Monitor Hack possibly be?
Changing a single button could cause a huge amount of damage to the nation. The team gave an example by changing the status-alert light on the control interface of a power plant from Green to Red, which could trick someone into shutting down the power plant.
During their presentation, Cui and Kataria were also able to inject a photo onto a display and add a secure lock icon to the address field of a Web browser.
In one example, the team even demonstrated the ability to change PayPal balance from $0 to $1,000,000,000.
So, hackers do not require to infect your computer with a ransomware infection. If they can hack your monitor, they can manipulate the pixels to display a ransomware message permanently on your screen, demanding payment to remove the message.
This could be a new strain of computer-based Ransoming.
What's even Worse?
The hacker could log the pixels generated by the monitor and effectively spy on the target users.
The pair warns that this issue does not limit to just Dell monitors, but also potentially affects one Billion monitors all over the world, given that all of the most common brands have vulnerable processors.
However, there's a downside to this attack.
This type of attack is pretty easy to detect, as the image on a screen does not load nearly as fast as it would have before being infected.
So it's possibly not the most efficient way to manipulate things quickly on the computers of victims, who are sitting in front of their computers all the time.
But what about industrial control systems monitors, whose displays are mostly static?
Well, if hackers target industrial control console, the attack might be a lot harder to detect. So, stop trusting your monitors, peeps!
Those interested in checking out the code behind the technique can do so by clicking here.
No comments
Post a Comment