Your monitor can be hacked, used to spy on you

Shawn Knight

TechSpot Staff
Staff member

Anti-virus software is often used to mitigate all sorts of attacks levied against computers, but what about their displays? Turns out, those can be manipulated in much the same manner as a pair of security researchers have demonstrated.

At the annual Def Con hacker convention in Las Vegas, Ang Cui and Jatin Kataria from Red Balloon Security said that in their spare time over the past two years, they reverse-engineered a Dell U2410 monitor to determine how it worked. In the process, they discovered that Dell hadn’t implemented any security with regard to how they update the display controller’s firmware.

What this means is that someone with access to the monitor’s USB or HDMI port can manipulate the on-screen pixels with nefarious intent. In one example, the two demonstrated the ability to change a PayPal account balance from $0 to $1 million.

In theory, cyber attackers could use the method to permanently display a message on a screen and only remove it if a ransom is paid. I’m not exactly sure how that would actually play out given the need for physical access to the monitor but it’s at least plausible.

What’s more, a bad actor could use the technique to spy on a user by logging the pixels that the monitor generates.

Although they’ve only performed the hack on a Dell monitor, the security researchers said it’s also theoretically possible to replicate the attack on displays from other brands including Acer, Hewlett Packard and Samsung.

The duo say their goal is to raise awareness for monitor security.

Those interested in checking out the code behind the technique can do so by clicking here.

Image courtesy Pressmaster, Shutterstock

Permalink to story.

 
Last edited by a moderator:
D

davislane1

Monitor: Deposit $500 in the account below to remove this message.

User: [dials phone]

Jimmy: Hello?

User: Jimmy, you know you're the only one who's been at my place in the past three weeks, right?

Jimmy: Well, that's random.

User: The ransomware on my screen isn't.

Jimmy: Uh...

User: I know where you live, Jimmy.

Jimmy: ...I'll be right over.
 

captaincranky

TechSpot Addict
Have these fools even price shopped monitors recently?

For example, here's a 24" (give or take) Dell (the very brand in question):

If you take notice of the huge "Dell" logo in the middle of the screen, it's being ransomed by Newegg at this very moment, for $129.95. I have an email code for an additional $10.00 off > EMCEMEK29 < But if I tell it to you, I'll have to kill you..

Hey WAIT, that code was all X's when I typed it in! My monitor must be watching me..:eek: No that can't be, can it? :confused:

But OTOH, I'm using Windows 7, so M$ doesn't have a keylogger installed.

I'll be back, I'm going to try and get a hold of these "security consultants". What was their address again, One Nowhere Circle, 3rd basement on the left, counterclockwise from the outlet?

You too could have one of these security nightmares for your very own! But act fast, the sale ends @ 11:59 PT tonight. http://www.newegg.com/Product/Product.aspx?Item=N82E16824260311&utm_medium=Email&utm_source=EXPRESS080616&cm_mmc=EMC-EXPRESS080616-_-EMC-080616-Index-_-LCDLEDMonitors-_-24260311-S1A1B
 

Lionvibez

TS Evangelist
The monitor that you're linking and the one they reverse engineered are two different models.

The Dell U2410 came out in 2010

The Dell SE2416H is from 2015

How do we know this hasn't been addressed already by dell ?
 

captaincranky

TechSpot Addict
The monitor that you're linking and the one they reverse engineered are two different models.

The Dell U2410 came out in 2010

The Dell SE2416H is from 2015

How do we know this hasn't been addressed already by dell ?
Unless some stranger has been knocking on your door telling you that he, (or she), must absolutely gain access to your monitor for a firmware update, I don't think you have to worry about it. Although, you do have to be very careful about techs who show up at your door, who have "Dell" on their shirts, in either Chinese characters, or Cyrillic letters. :eek:
 

Evernessince

TS Evangelist
So a hack that potentially affects all dell monitors from the same generation as the U2410? Even if we did assume that it doesn't require physical access you'd still be looking at only 2% or less of the market. This is just another reason against having always connected devices. It's a good thing monitors aren't like smart TVs that always connected to the internet.
 

captaincranky

TechSpot Addict
Boy, I'll tall ya, anyone that says click bait articles aren't fun, simply doesn't know how to have a good time...(y):cool:
 

cliffordcooley

TS Redneck
Just think how much fun you could have in an IT department hacking a company with thousands of PCs. Assuming of course all the monitors were the same.

Seriously though what company would use all the same monitor. You would literally have to have a firmware update for each model, much less brand.
 

commanderasus

TS Addict
<h1>turn on monitor</h1>
<h1>turn on secret camera</h1>
<h1>record function on</h1>
<h1>stream recording to the public displays outside</h1>
<h1>turn off coffee machine</h1>
<h1>watch the chaos</h1>
<h1>call the boss on his cell phone</h1>
<h1>enable speech changer</h1>
<h1>ask for $ to repair internal breach</h1>
<h1>wait for the money</h1>
 

wiyosaya

TS Evangelist
Security researchers have an inherent monetary interest in making everyone think security holes exist.
 

That Other Guy

TS Enthusiast
So they could manipulate pixels on the display, which I can see as annoying. but nothing is actually affected on the computer. so simply resetting or applying proper firmware would fix the "problem", or at worst swap out the monitor... this seems extremely low potential for any real damage. but high potential for some fun
 

Skidmarksdeluxe

TS Evangelist
So they could manipulate pixels on the display, which I can see as annoying. but nothing is actually affected on the computer. so simply resetting or applying proper firmware would fix the "problem", or at worst swap out the monitor... this seems extremely low potential for any real damage. but high potential for some fun
Yeah. I don't think this is anything any of us should over concern ourselves with. One day we'll read about them being able to spy on us via our mouse pads.
 

amstech

IT Overlord
I have a U3011 and they can spy on me all they want. I like Football, porn with 2 girls 1 guy and calling Craigslist sellers just to talk about life.
 

tonylukac

TS Evangelist
I had a generic monitor from fry's that did some unusual things. Might firmware already be installed by the manufacturer? Come to think of it, this doesn't happen on the replacement (generic) monitor. For some reason, I would get like new beta versions of yahoo's website before I saw it on any other computer, and I thought it was the computer. Now that the monitor is replaced I never see that.
 

bobc4012

TS Booster
There is nothing wrong with your computer (or its monitor). Do not attempt to adjust the picture. We are controlling it. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. Sit quietly and we will control all that you see and hear until you pay the ransom. We repeat: there is nothing wrong with your computer, so pay up! LOL

For those of you who remember the Outer Limits!
.
 

JW0914

TS Member
I guess the most important question would be is this realistically plausible in the wild? Regardless, an amazing feat by the sec researchers
 

captaincranky

TechSpot Addict
There is nothing wrong with your computer (or its monitor). Do not attempt to adjust the picture. We are controlling it. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. Sit quietly and we will control all that you see and hear until you pay the ransom. We repeat: there is nothing wrong with your computer, so pay up! LOL

For those of you who remember the Outer Limits!
.
You know you can post video, right?