Anti-virus software is often used to mitigate all sorts of attacks leveled against computers, but what about their displays? It turns out those can be manipulated in much the same manner, as a pair of security researchers have demonstrated.
At the annual Def Con hacker convention in Las Vegas, Ang Cui and Jatin Kataria from Red Balloon Security said that in their spare time over the past two years, they reverse-engineered a Dell U2410 monitor to determine how it worked. In the process, they discovered that Dell hadn’t implemented any security with regard to how the display controller’s firmware is updated.
What this means is that someone with access to the monitor’s USB or HDMI port can manipulate the on-screen pixels with nefarious intent. In one example, the two demonstrated the ability to change a PayPal account balance from $0 to $1 million.
In theory, cyber attackers could use the method to permanently display a message on a screen and only remove it if a ransom is paid. I’m not exactly sure how that would actually play out given the need for physical access to the monitor, but it’s at least plausible.
What’s more, a bad actor could use the technique to spy on a user by logging the pixels that the monitor generates.
Although they’ve only performed the hack on a Dell monitor, the security researchers said it’s also theoretically possible to replicate the attack on displays from other brands including Acer, Hewlett Packard and Samsung.
The duo say their goal is to raise awareness of monitor security.
The code behind the technique is available for those interested in checking it out.