A team led by Ang Cui -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- has presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen.
It's a scarier, networked, pluripotent version of Van Eck phreaking that uses an incredibly sly backchannel to communicate with the in-device malware: attackers can blink a single pixel in a website to activate and send instructions to the screen's malware.
What's more, there's no existing countermeasure for it, and most monitors appear to be vulnerable.
In practice, Cui said this could be used to both spy on you, but also show you stuff that’s actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.
“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”
The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable.
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors
[Ang Cui, Jatin Kataria and Francois Charbonneau/Defcon]
Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels
(Image: Madonna in Oslo - Game Over, Ivar Abrahamsen, CC-BY-SA)