A team led by Ang Cui (previously) -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- have presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen.
It's a scarier, networked, pluripotent version of Van Eck phreaking that uses an incredibly sly backchannel to communicate with the in-device malware: attackers can blink a single pixel in a website to activate and send instructions to the screen's malware.
What's more, there's no existing countermeasure for it, and most monitors appear to be vulnerable.
In practice, Cui said this could be used to both spy on you, but also show you stuff that’s actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.
“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”
The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable.
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors
[Ang Cui, Jatin Kataria and Francois Charbonneau/Defcon]
Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels
(Image: Madonna in Oslo - Game Over, Ivar Abrahamsen, CC-BY-SA)