Security Team Prove That Your Monitor Can Be Hacked at DefCon!
Gareth Andrews / 8 years ago
Cyber security awareness is at an all-time high, with governments and organisations investigating and researching both new ways to monitor users and bypass security features while some are still looking at reinforcing and creating new methods to protect people from nefarious hackers. Two such people as Ang Cui and Jatin Kataria from Red Balloon Security, a pair who in their spare time have discovered that not only can a screen be hacked, but could even hold you to ransom or share your private details with someone who’s not even near your PC.
Cui and Kataria have spent their free time in the last two years researching the area of monitor security, a topic where the impact is typically underestimated by many. As demonstrated at this year’s Def Con, their efforts have not been in vain after successfully demonstrating a ransomware message projected directly to your screen, bypassing the entire computer.
The demonstration took place on a Dell U2410 monitor and through a good old fashion piece of reverse-engineering, the pair discovered that Dell, like many other companies, had not implemented any security against the display controllers firmware updates. The impact of this is that after gaining direct access to a monitor, such as through the devices HDMI or USB port, the pair were able to demonstrate the hack by changing a PayPal account balance from nothing to a million dollars, all through the screen.
It’s been explained that you could be held ransom, with certain areas of your screen blocked out until you pay up your hard earned money. What could be even worse is that the technique could be used to log pixels, with the logs then being picked up or transmitted back to another party at a later date. This would essentially give them a play by play of your screen, showing everything from bank details and social media details to confidential documentation.
The technique could theoretically be used against Acer, Hewlett-Packard, Samsung and a long list of manufacturers brands alongside Dell, all using the same approach. If this interests you, they’ve released the code online here in hopes of raising awareness of monitor security.