Your monitor can be hacked, used to spy on you

Shawn Knight

Anti-virus software is often used to mitigate all sorts of attacks leveled against computers, but what about their displays? Turns out, those can be manipulated in much the same manner, as a pair of security researchers have demonstrated.

At the annual Def Con hacker convention in Las Vegas, Ang Cui and Jatin Kataria from Red Balloon Security said that in their spare time over the past two years, they reverse-engineered a Dell U2410 monitor to determine how it worked. In the process, they discovered that Dell hadn’t implemented any security with regard to how they update the display controller’s firmware.

What this means is that someone with access to the monitor’s USB or HDMI port can manipulate the on-screen pixels with nefarious intent. In one example, the two demonstrated the ability to change a PayPal account balance from $0 to $1 million.

In theory, cyber attackers could use the method to permanently display a message on a screen and only remove it if a ransom is paid. I’m not exactly sure how that would actually play out given the need for physical access to the monitor but it’s at least plausible.

What’s more, a bad actor could use the technique to spy on a user by logging the pixels that the monitor generates.

Although they’ve only performed the hack on a Dell monitor, the security researchers said it’s also theoretically possible to replicate the attack on displays from other brands including Acer, Hewlett Packard and Samsung.

The duo say their goal is to raise awareness for monitor security.

Those interested in checking out the code behind the technique can do so by clicking here.

 
Monitor: Deposit $500 in the account below to remove this message.

User: [dials phone]

Jimmy: Hello?

User: Jimmy, you know you're the only one who's been at my place in the past three weeks, right?

Jimmy: Well, that's random.

User: The ransomware on my screen isn't.

Jimmy: Uh...

User: I know where you live, Jimmy.

Jimmy: ...I'll be right over.
 
Have these fools even price shopped monitors recently?

For example, here's a 24" (give or take) Dell (the very brand in question):

If you take notice of the huge "Dell" logo in the middle of the screen, it's being ransomed by Newegg at this very moment, for $129.95. I have an email code for an additional $10.00 off > EMCEMEK29 < But if I tell it to you, I'll have to kill you..

Hey WAIT, that code was all X's when I typed it in! My monitor must be watching me..:eek: No that can't be, can it? :confused:

But OTOH, I'm using Windows 7, so M$ doesn't have a keylogger installed.

I'll be back, I'm going to try and get a hold of these "security consultants". What was their address again, One Nowhere Circle, 3rd basement on the left, counterclockwise from the outlet?

You too could have one of these security nightmares for your very own! But act fast, the sale ends @ 11:59 PT tonight. http://www.newegg.com/Product/Produ...80616-Index-_-LCDLEDMonitors-_-24260311-S1A1B
 
The monitor that you're linking and the one they reverse engineered are two different models.

The Dell U2410 came out in 2010

The Dell SE2416H is from 2015

How do we know this hasn't been addressed already by Dell?
 
The monitor that you're linking and the one they reverse engineered are two different models.

The Dell U2410 came out in 2010

The Dell SE2416H is from 2015

How do we know this hasn't been addressed already by Dell?
Unless some stranger has been knocking on your door telling you that he, (or she), must absolutely gain access to your monitor for a firmware update, I don't think you have to worry about it. Although, you do have to be very careful about techs who show up at your door, who have "Dell" on their shirts, in either Chinese characters, or Cyrillic letters. :eek:
 
So a hack that potentially affects all Dell monitors from the same generation as the U2410? Even if we did assume that it doesn't require physical access you'd still be looking at only 2% or less of the market. This is just another reason against having always connected devices. It's a good thing monitors aren't like smart TVs that are always connected to the internet.
 
Boy, I'll tell ya, anyone that says click bait articles aren't fun, simply doesn't know how to have a good time...(y):cool:
 
Just think how much fun you could have in an IT department hacking a company with thousands of PCs. Assuming of course all the monitors were the same.

Seriously though what company would use all the same monitor. You would literally have to have a firmware update for each model, much less brand.
 
turn on monitor
turn on secret camera
record function on
stream recording to the public displays outside
turn off coffee machine
watch the chaos
call the boss on his cell phone
enable speech changer
ask for $ to repair internal breach
wait for the money
 
Security researchers have an inherent monetary interest in making everyone think security holes exist.
 
So they could manipulate pixels on the display, which I can see as annoying. but nothing is actually affected on the computer. so simply resetting or applying proper firmware would fix the "problem", or at worst swap out the monitor... this seems extremely low potential for any real damage. but high potential for some fun
 
This is as funny as way back when when they claimed phone modems could be "infected". lol
 
So they could manipulate pixels on the display, which I can see as annoying. but nothing is actually affected on the computer. so simply resetting or applying proper firmware would fix the "problem", or at worst swap out the monitor... this seems extremely low potential for any real damage. but high potential for some fun
Yeah. I don't think this is anything any of us should over concern ourselves with. One day we'll read about them being able to spy on us via our mouse pads.
 
I have a U3011 and they can spy on me all they want. I like Football, porn with 2 girls 1 guy and calling Craigslist sellers just to talk about life.
 
I had a generic monitor from fry's that did some unusual things. Might firmware already be installed by the manufacturer? Come to think of it, this doesn't happen on the replacement (generic) monitor. For some reason, I would get like new beta versions of yahoo's website before I saw it on any other computer, and I thought it was the computer. Now that the monitor is replaced I never see that.
 
There is nothing wrong with your computer (or its monitor). Do not attempt to adjust the picture. We are controlling it. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. Sit quietly and we will control all that you see and hear until you pay the ransom. We repeat: there is nothing wrong with your computer, so pay up! LOL

For those of you who remember the Outer Limits!
.
 
I guess the most important question would be is this realistically plausible in the wild? Regardless, an amazing feat by the sec researchers
 
There is nothing wrong with your computer (or its monitor). Do not attempt to adjust the picture. We are controlling it. We will control the horizontal. We will control the vertical. We can roll the image, make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. Sit quietly and we will control all that you see and hear until you pay the ransom. We repeat: there is nothing wrong with your computer, so pay up! LOL

For those of you who remember the Outer Limits!
.
You know you can post video, right?

 