We all know that hackers can get access to personal data by hacking a computer, smartphone or tablet.
“Do not trust the pixels on the screen,” the researchers said, and demonstrated how to hack a computer through its monitor.
For example, they changed a PayPal account balance from $0 to $1 million, although in reality only the pixels on the monitor had been changed.
To carry out such an attack, the hacker would first need physical access to the monitor, namely to its USB or HDMI port, which allows access to the controller and firmware.
The hacker needs to trick victims into visiting a malicious website or clicking on a phishing link to attack the firmware running on the embedded computer that controls the monitor.
Then the attacker can place an implant in the firmware and it will work in accordance with his directions. The attacker can transmit data to the implant using a blinking pixel hidden in any website or video.
It was also noted that the attack isn’t fast because images load slowly. So this method of hacking could be effective on monitors that mostly display static pictures, such as the control console of an industrial control system.
The hack can be dangerous. In fact, even the substitution of a single button can lead to very unpleasant consequences. For example, the status indicator in a power system management interface can be changed from green to red. Even a small change can trigger off the power plant.
It’s really hard and complicated, but not impossible: the experts worked for two years to prove this.
While working with the Dell U2410, Ang Cui and Jatin Kataria found that Dell didn’t provide any mechanism to protect the display controller from unauthorized updates. This allowed the experts to make changes to the device firmware. Unfortunately, antivirus software for monitors doesn’t exist.
It should be mentioned that Dell monitors are not the only ones that can be hacked using this method. According to the Red Balloon Security researchers, other brands such as Samsung, Acer, and Hewlett-Packard could be attacked in the same way.
The researchers published all the source code, including a working exploit for the Dell U2410, on GitHub.
This post first appeared on Malwarelist.net – Your Information Security Source.