Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked.
You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen.
A group of researchers demonstrated at DEFCON hacking conference in Las Vegas on Friday by hacking directly into the small computer that controls the display without entering the actual computer. They showed a way to manipulate the tiny pixels found on a computer monitor.
For instance, they were able to change a PayPal’s account balance from $0 to $1 million, when in reality the pixels on the monitor had just been reconfigured.
However, they also found it was possible to theoretically hack monitors of other brands, such as Hewlett Packard, Samsung and Acer too, as most of the common brands have processors that are vulnerable.
“We can now hack the monitor and you shouldn’t have blind trust in those pixels coming out of your monitor,” Ang Cui, the lead researcher who came up with this creative hack, told Motherboard.
According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display.
Both Cui and Kataria spent over two years of their spare time to discover the vulnerability in a not so simple hack. During this time, they carried out researches to understand the technology inside the Dell monitor.
The duo said they discovered the hack by reverse-engineering a Dell U2410 monitor, it took over two years.
In the process, the pair found out that Dell had not implemented any security measures with regard to the process to update the display controller’s firmware, which allowed for this hack.
This means that anyone with malicious intent and access to the monitor’s USB or HDMI port would be able to hijack monitor — which involves injecting malicious firmware with the help of a drive-by attack — as well as manipulate the on-screen pixels.
A determined attacker could exploit a monitor to actively spy on what you are doing, what you are seeing and even steal your data.
However, it’s not an easy hack.
“How practical is this attack?” Cui told Paul Wagenseil on Tom’s Guide, “Well, we didn't need any privileged computer access to do this. How realistic is the fix? It's not that easy. How do you build more secure monitors in the future? We don't know.”
0 comments:
Post a Comment