A team led by Ang Cui -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- has presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information and spy on the information being sent to the screen.
It's a scarier, networked, pluripotent version of Van Eck phreaking that uses an incredibly sly backchannel to communicate with the in-device malware: attackers can blink a single pixel in a website to activate and send instructions to the screen's malware.
What's more, there's no existing countermeasure for it, and most monitors appear to be vulnerable.
In practice, Cui said this could be used to both spy on you, but also show you stuff that’s actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.
“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”
The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable.
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors
[Ang Cui, Jatin Kataria and Francois Charbonneau/Defcon]
Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels
(Image: Madonna in Oslo - Game Over, Ivar Abrahamsen, CC-BY-SA)