A team led by Ang Cui (previously) -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- have presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen.
It's a scarier, networked, pluripotent version of Van Eck phreaking that uses an incredibly sly backchannel to communicate with the in-device malware: attackers can blink a single pixel in a website to activate and send instructions to the screen's malware.
What's more, there's no existing countermeasure for it, and most monitors appear to be vulnerable.
In practice, Cui said this could be used to both spy on you, but also show you stuff that’s actually not there. A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.
“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”
The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable.
A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors
[Ang Cui, Jatin Kataria and Francois Charbonneau/Defcon]
Hackers Could Break Into Your Monitor To Spy on You and Manipulate Your Pixels
(Image: Madonna in Oslo - Game Over, Ivar Abrahamsen, CC-BY-SA)
The Verge’s Dieter Bohn reviews Microsoft’s Surface Pro X laptop. It’s pretty and it’s small, but it’s slow. … the core of Windows 10 runs just fine for me [but] there are still occasional, confounding slowdowns, especially when waking from sleep. In general, I just didn’t have as strong a feel for what would and […]
Sue-Lin Wong is the Financial Times's South China reporter; this week, she attended the China Public Security expo, the country's largest surveillance tech show, held biannually in Shenzhen.
A few years back, my older brother Rick Pescovitz invented the “Under the Weather Pod,” a single-person pop-up shelter to sit inside. It’s designed for spectator sports, fishing, and other outdoor events where it’s raining but you are either obligated to watch or having so much fun you don’t want to leave. Most recently, he […]
Got some aches that a lazy rubdown won’t put a dent in? Give your muscles an early Christmas with these massage guns. If you’ve never tried one, they’re all designed to bring deep tissue relief, and they’re all at Black Friday prices now. JAWKU Muscle Blaster V2 Cordless Percussion Massage Gun This cordless massager exerts […]
Just about everybody from small-time app developers to big database administrators loves Linux. But just because it’s open-source doesn’t mean its secrets are open to everybody. For that, you need a comprehensive training program like the Complete Linux System Administrator Bundle. If you’re chasing any kind of career in coding, this is the online regimen […]
If you want to be an app developer for Android, there’s never been a better time. Languages like Kotlin are tailor-made for functionality, and the Jetpack suite of tools makes the whole process easier. The only hurdle is learning your way around these tools, and that’s where the Android Jetpack & App Development Certification Bundle […]