The list of ways we can be spied upon seems nearly endless, but you can add one more to that list: active screen snooping via your vulnerable monitor. And that’s just one flavor of attack that can be pulled off by exploiting monitors.
You might not agree with everything you read online, but you can usually trust that what you are reading was actually published somewhere by someone. Whether or not you like the balance in your bank account, most folks would not expect that number to be faked. A person monitoring critical infrastructure would assume the same, but the information displayed on a computer monitor can be manipulated and may not be the truth.
That’s not all, according to researchers; another monitor exploitation attack scenario includes covertly exfiltrating data using Funtenna-like techniques.
After two years of research and reverse engineering, working on the processor that controls the monitor and its firmware, Red Balloon Security researchers figured out how to hack a monitor without hacking the computer to which it is connected.
At DEF CON, Red Balloon chief scientist Dr. Ang Cui and principal research scientist Jatin Kataria presented “A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors.” They even posted their Monitor Darkly proof-of-concept code and REcon 0xA presentation on GitHub.
By exploiting a hacked monitor, they could manipulate the pixels and add a secure-lock icon by a URL. They could make a $0 PayPal account balance appear to be a $1 billion balance. They could change “the status-alert light on a power plant's control interface from green to red.”
The team started by tearing apart a Dell U2410 monitor and eventually figuring out how to change pixels on the screen. They found out the firmware is not delivered securely. An attacker would need to gain access to the monitor via the HDMI or USB port, but then the monitor would be pwned. One scenario sounded like ransomware, not letting the user get past the message displayed on the monitor unless he or she bowed to extortion.
It’s not just Dell monitors that are vulnerable. The researchers noted, “Many monitors were harmed in the making of this presentation.” They determined that many brands, including Acer, HP and Samsung, are vulnerable to the undetectable firmware attack. In fact, Motherboard reported that about 1 billion monitors may be vulnerable.
Lorenzo Franceschi-Bicchierai wrote:
In practice, Cui said this could be used to both spy on you, but also show you stuff that’s actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.
“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”
The researchers warn that this is an issue that could potentially affect 1 billion monitors, given that the most common brands all have processors that are vulnerable.
There are easier ways to trick multiple users at the same time and have their monitors display something that is not true, such as by installing a Newstweek device at wireless hotspots; it can be used by a remote attacker to manipulate the news of everyone at a hotspot.
Nevertheless, it probably didn’t occur to most of us that our monitors at work or at home could be lying to us by showing something that’s incorrect. If an attacker could gain access to many monitors, then the hack could affect many people at once, such as having monitors that stock traders use show bogus information.
A determined attacker could exploit a monitor to actively spy on what you are doing, what you are seeing and even steal your data.
However, it’s not an easy hack.
“How practical is this attack?” Cui told Paul Wagenseil on Tom’s Guide, “Well, we didn't need any privileged computer access to do this. How realistic is the fix? It's not that easy. How do you build more secure monitors in the future? We don't know.”