TechSpot

Your monitor can be hacked, used to spy on you

By Shawn Knight
Aug 7, 2016
  1. Anti-virus software is often used to mitigate all sorts of attacks levied against computers, but what about their displays? Turns out, those can be manipulated in much the same manner, as a pair of security researchers have demonstrated.

    At the annual Def Con hacker convention in Las Vegas, Ang Cui and Jatin Kataria from Red Balloon Security said that in their spare time over the past two years, they reverse-engineered a Dell U2410 monitor to determine how it worked. In the process, they discovered that Dell hadn’t implemented any security with regard to how they update the display controller’s firmware.

    What this means is that someone with access to the monitor’s USB or HDMI port can manipulate the on-screen pixels with nefarious intent. In one example, the two demonstrated the ability to change a PayPal account balance from $0 to $1 million.

    In theory, cyber attackers could use the method to permanently display a message on a screen and only remove it if a ransom is paid. I’m not exactly sure how that would actually play out given the need for physical access to the monitor but it’s at least plausible.

    What’s more, a bad actor could use the technique to spy on a user by logging the pixels that the monitor generates.

    Although they’ve only performed the hack on a Dell monitor, the security researchers said it’s also theoretically possible to replicate the attack on displays from other brands including Acer, Hewlett Packard and Samsung.

    The duo say their goal is to raise awareness for monitor security.

    Those interested in checking out the code behind the technique can do so by clicking here.

    Image courtesy Pressmaster, Shutterstock


     
    Last edited by a moderator: Aug 8, 2016
  2. BSim500

    BSim500 TS Guru Posts: 198   +272

    LOL. If they had physical access to your monitor they'd probably steal it rather than hope you fall for elaborate ransomware...
     
    NahNood, Lionvibez, Reehahs and 2 others like this.
  3. yRaz

    yRaz TS Evangelist Posts: 1,906   +954

    I don't really feel the need to monitor this problem
     
  4. davislane1

    davislane1 TS Evangelist Posts: 3,558   +2,362

    Monitor: Deposit $500 in the account below to remove this message.

    User: [dials phone]

    Jimmy: Hello?

    User: Jimmy, you know you're the only one who's been at my place in the past three weeks, right?

    Jimmy: Well, that's random.

    User: The ransomware on my screen isn't.

    Jimmy: Uh...

    User: I know where you live, Jimmy.

    Jimmy: ...I'll be right over.
     
    Reehahs, Spence1115 and GreenNova343 like this.
  5. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Have these fools even price shopped monitors recently?

    For example, here's a 24" (give or take) Dell (the very brand in question):
    [IMG]
    If you take notice of the huge "Dell" logo in the middle of the screen, it's being ransomed by Newegg at this very moment, for $129.95. I have an email code for an additional $10.00 off > EMCEMEK29 < But if I tell it to you, I'll have to kill you..

    Hey WAIT, that code was all X's when I typed it in! My monitor must be watching me..:eek: No that can't be, can it? :confused:

    But OTOH, I'm using Windows 7, so M$ doesn't have a keylogger installed.

    I'll be back, I'm going to try and get a hold of these "security consultants". What was their address again, One Nowhere Circle, 3rd basement on the left, counterclockwise from the outlet?

    You too could have one of these security nightmares for your very own! But act fast, the sale ends @ 11:59 PT tonight. http://www.newegg.com/Product/Produ...80616-Index-_-LCDLEDMonitors-_-24260311-S1A1B
     
    ikesmasher and Evernessince like this.
  6. Lionvibez

    Lionvibez TS Evangelist Posts: 1,103   +346

    The monitor that you're linking and the one they reverse engineered are two different models.

    The Dell U2410 came out in 2010

    The Dell SE2416H is from 2015

    How do we know this hasn't been addressed already by Dell?
     
  7. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Unless some stranger has been knocking on your door telling you that he, (or she), must absolutely gain access to your monitor for a firmware update, I don't think you have to worry about it. Although, you do have to be very careful about techs who show up at your door, who have "Dell" on their shirts, in either Chinese characters, or Cyrillic letters. :eek:
     
  8. Evernessince

    Evernessince TS Evangelist Posts: 1,195   +592

    So a hack that potentially affects all Dell monitors from the same generation as the U2410? Even if we did assume that it doesn't require physical access you'd still be looking at only 2% or less of the market. This is just another reason against having always connected devices. It's a good thing monitors aren't like smart TVs that are always connected to the internet.
     
  9. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Boy, I'll tell ya, anyone that says click bait articles aren't fun, simply doesn't know how to have a good time...(y):cool:
     
  10. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,556   +2,900

    Just think how much fun you could have in an IT department hacking a company with thousands of PCs. Assuming of course all the monitors were the same.

    Seriously though, what company would use all the same monitor? You would literally have to have a firmware update for each model, much less brand.
     
  11. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    Boy I'll tell you, just watch out for this guy. He's not a real Dell repair person...:eek:

    [IMG]
     
  12. commanderasus

    commanderasus TS Enthusiast Posts: 53   +11

    turn on monitor
    turn on secret camera
    record function on
    stream recording to the public displays outside
    turn off coffee machine
    watch the chaos
    call the boss on his cell phone
    enable speech changer
    ask for $ to repair internal breach
    wait for the money
     
  13. wiyosaya

    wiyosaya TS Evangelist Posts: 1,043   +273

    Security researchers have an inherent monetary interest in making everyone think security holes exist.
     
  14. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,509   +2,056

    Not until they come up with a resolution. :)
     
    wiyosaya likes this.
  15. That Other Guy

    That Other Guy TS Rookie

    So they could manipulate pixels on the display, which I can see as annoying, but nothing is actually affected on the computer. So simply resetting or applying proper firmware would fix the "problem", or at worst swap out the monitor... This seems extremely low potential for any real damage, but high potential for some fun.
     
  16. NahNood

    NahNood TS Enthusiast Posts: 28   +9

    This is as funny as way back when when they claimed phone modems could be "infected". lol
     
  17. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,556   +2,900

    Imagine being able to control what and when the message shows. lol
     
  18. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,509   +2,056

    Yeah. I don't think this is anything any of us should over concern ourselves with. One day we'll read about them being able to spy on us via our mouse pads.
     
  19. amstech

    amstech TechSpot Enthusiast Posts: 1,457   +606

    I have a U3011 and they can spy on me all they want. I like Football, porn with 2 girls 1 guy and calling Craigslist sellers just to talk about life.
     
  20. tonylukac

    tonylukac TS Evangelist Posts: 1,310   +56

    I had a generic monitor from fry's that did some unusual things. Might firmware already be installed by the manufacturer? Come to think of it, this doesn't happen on the replacement (generic) monitor. For some reason, I would get like new beta versions of yahoo's website before I saw it on any other computer, and I thought it was the computer. Now that the monitor is replaced I never see that.
     
  21. yRaz

    yRaz TS Evangelist Posts: 1,906   +954

    We should be friends
     
    Last edited: Aug 9, 2016
  22. bobc4012

    bobc4012 TS Enthusiast Posts: 50   +27

    There is nothing wrong with your computer (or its monitor). Do not attempt to adjust the picture. We are controlling it. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. Sit quietly and we will control all that you see and hear until you pay the ransom. We repeat: there is nothing wrong with your computer, so pay up! LOL

    For those of you who remember the Outer Limits!
    .
     
    captaincranky and cliffordcooley like this.
  23. JW0914

    JW0914 TS Rookie

    I guess the most important question would be: is this realistically plausible in the wild? Regardless, an amazing feat by the sec researchers.
     
  24. captaincranky

    captaincranky TechSpot Addict Posts: 11,702   +1,886

    You know you can post video, right?

     
  25. PrimateGod

    PrimateGod TS Rookie

    Beware display model displays...
     
