This PC monitor hack that can manipulate pixels for malicious effect has raised security concerns
Did you know that your passive looking computer display can be hacked? That is what a group of researchers demonstrated at DEFCON hacking conference in Las Vegas on Friday by hacking directly into the small computer that controls the display without entering the actual computer. They showed a way to manipulate the tiny pixels found on a computer monitor.
“We can now hack the monitor and you shouldn’t have blind trust in those pixels coming out of your monitor,” Ang Cui, the lead researcher who came up with this creative hack, told Motherboard.
Cui, the chief scientist at Red Balloon Security and a recent PhD graduate from Columbia University, along with Jatin Kataria were inquisitive to know how Dell monitors worked. That’s where their curiosity resulted in reverse-engineering on one of the Dell monitors.
For their research, a Dell U2410 monitor was picked apart and it was discovered that the display controller inside can be used to change and log the pixels across the screen.
During their DEFCON presentation, they demoed how by making the user visit a malicious website or click on a phishing link, they could hack the monitor and apparently make changes to the details on a web page, specially the firmware. This is the computer that controls the menu to make adjustments to the brightness and other simple settings on the monitor.
For instance, they were able to change a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had just been reconfigured.
Both Cui and Kataria spent over two years of their spare time to discover the vulnerability in a not so simple hack. During this time, they carried out researches to understand the technology inside the Dell monitor.
However, they also found it was possible to theoretically hack monitors of other brands, such as Hewlett Packard, Samsung and Acer too, as most of the common brands have processors that are vulnerable.
The key issue lies in the monitors’ software or the firmware implanted inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.
The exploit needs the HDMI or USB port in order to gain access to the monitor. Once the exploit is finished, the hack could pave the way for more malicious attacks, including ransomware.
“Cyber criminals could emblazon a permanent message on the display, and ask for payment to remove it,” Kataria said. “Or they could even spy on users’ monitors, by logging the pixels generated,” he added.
However, the presentation made by the researchers was to create awareness about computer monitor security. They also wanted to show that it is possible to hack a computer monitor and that we shouldn’t consider them as untouchable, unhackable things. The hacking code has been posted to their research online.
“Is monitor security important? I think it is,” Cui said. “We now live in a world where you can’t trust your monitor,” Cui concluded.
Source: PC World