Def Con is a great event for hackers and security researcher to show their latest findings — This time, a researcher has demonstrated how hackers can spy on you using your device’s monitor!
Monitors are considered passive and invulnerable to hacks. But a researcher begs to differ with this common notion. The only thing a monitor does is receive data and turn it into pixels. But to do so, the monitor requires a small computer. This ‘small computer’ is susceptible to hacks.
A security research group found a way to hack into a monitor and manipulate displayed content, let alone spy on the user. It would be a nightmare if the monitor were turned against you in such a way. The hacker would have access to everything that displays on your monitor including very confidential stuff such as passwords to various sites.
Ang Cui, alongside some of his colleagues presented the hack during the Def Con hacking conference in Las Vegas last week. Cui is a chief scientist at the Red Balloon Security and holds a doctorate from the Columbia University and the same person who during Def Con 2015 demonstrated how users need to shield their PC from Radiofrequency to stop hackers from stealing their personal data using radio sound waves.
The hacks work like any other hack. First, the hacker has to trick you into downloading malware to your system; this is done by either luring you into a website or using a phishing link. The malware you download in this case targets the firmware computer in the monitor. The computer in question is the one responsible for brightness adjustments and other such functions of the monitor.
Once the malware infects the system, it awaits instructions from the hacker. The malware receives instructions via blink pixels, which could be in a video or website. The blinking pixel simply uploads code to the monitor. The malware can effectively accomplish two things. First, it spies on you by sending the displayed on your monitor to the hacker. Secondly, the hacker can alter the display, thereby displaying whatever the hacker wants to display.
Cui warned that such a hack could affect billions of people around the globe given that most monitors have processors that are rather vulnerable to intrusions. Cui says that “if you have a monitor, the high chances are that you are already hacked.”
But there is a catch. Images load slowly if the malware is to be used to alter the display. Therefore, the hack should be effective on industry based computers since the images on the display are mostly static.
Cui pointed out that we now live in a world where we cannot even trust the monitor. Cui’s work was to demonstrate that the hack is possible. The group does not intend to use the hack but warn the manufacturers of the possible consequences.
Last year Cui demonstrated how a printer could be used as a bugging device.