There’s been plenty happening over at the Defcon 24 hacking conference in Las Vegas, and another worrying development is the news that the humble monitor can be hacked.
A monitor, hacked? How exactly? Well, that’s a good question, and the simple answer is that it’s possible to do so if an attacker can get physical access to the monitor’s USB or HDMI port – via which they can access the firmware of the display.
Two enterprising security experts, Ang Cui and Jatin Kataria (from Red Balloon Security) discovered this by reverse-engineering a Dell U2410 monitor. This was not a trivial process – it took over two years, as PC World reports – but the pair noted that there was a complete lack of security when it came to the firmware update process, which allowed for the hack.
Ransoming or spying
Once a monitor has been hacked, an attacker can manipulate the hardware to display a message permanently on-screen, for example – which could be a new strain of computer-based ransoming, demanding payment to remove said message.
Or perhaps even worse, particularly if we are talking about businesses, it could be possible to log the pixels generated by the monitor and effectively spy on the user.
The pair said they embarked on their campaign to "highlight the lack of security in ‘modern’ on-screen-display controllers", and they noted that monitors from other vendors – they’d also looked at Samsung, Acer and HP – could theoretically be hacked in the same fashion.
Of course, the physical access aspect – and the amount of work the security researchers had to put in – does limit the usefulness of this for would-be attackers, but it’s still undoubtedly a good wake-up call for monitor manufacturers.
And it also serves as a reminder for businesses to keep a careful eye on what goes on with the hardware inside their office.