Hackers often don’t target a system directly. Often too little is known about it to make a successful entry into the operating system, and you may be locked out of most options by a competent administrator. That’s why, if at all possible, you try to attack the machine physically with methods like inserting a keystroke logger into the keyboard port, or inserting a backdoor via an infected USB drive. Most people don’t think about the monitor being an attack vector, but two programmers, Ang Cui and Jatin Kataria, who work for Red Balloon Security, have figured out a way to hack into a monitor and get right down to the pixel level, even going so far as to manipulate images on the display directly.
The duo demonstrated their attack at Deb Conf 2016 held last week in Las Vegas, Nevada. They cracked open a Dell U2410 monitor and discovered that no security protocols applied when updating the monitor’s firmware. They then found a way into the system to upload their own firmware and optionally control the display directly, and were able to do crazy things like changing the images on-screen, or even logging all the pixel data to a remote server, essentially taking snapshots of your system as you used it. It won’t net them any passwords, but it would allow access to sensitive data, and all that’s needed is for a USB drive to be inserted into the monitor’s USB hub to gain access. Pretty cool!
Sign up for the NAG Weekend Edition, and get a super-special curated list of what's cool and trendy this week, delivered to your inbox every Friday. Plus, each month, one subscriber can win a prize sponsored by Apex Interactive!