It is a common error consider monitors as a passive device that could not be exploited by attackers to hack our systems.
The reality is quite different, attackers could hijack every monitor and exploit them to access our system. A team of security researchers has devised a method to hack into the embedded computer that controls the monitor spying on the victims and manipulating the pixels on the screen.
The team was lead by Ang Cui, the chief scientist at Red Balloon Security, which presented the technique at the Def Con hacking conference in Las Vegas on Friday along with his colleagues.
The attack scenario is quite simple, the hacker has to trick victims into visit a malicious website or click on a phishing link to attack the firmware running on the embedded computer that controls the monitor.
The attacker can put an implant in the firmware that waits for his instructions. The attacker can send data to the implant through a blinking pixel that could be hidden in any web content (i.e. In a video or a website).
Ang Cui and his colleague Jatin Kataria of Red Balloon Security demonstrated how to hack a Dell U2410 monitor by compromising its display controller to change and log the pixels across the screen.
During the DEF CON presentation, they showed how to alter the details on a web page, they changed a PayPal’s account balance from $0 to $1 million.
Cui explained that the technique could be exploited to spy on the victim or to show images and videos that are not included in the content sent by the computer to the monitor.
The problem resides in the way the firmware updates are validated, it is important to remark that the attack requires gaining physical access to the monitor, for example, through the HDMI or USB port.
“A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.” wrote Lorenzo Bicchierai from Motherboard.
“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”
The expert highlighted that the attack is not so fast because images are slow to load, anyway such kind of hack could be effective against displays that are mostly statics, the control console of an ICS system.
The impact of the hack is huge, potentially one billion monitors of the principal manufacturers leverage on vulnerable embedded computers. The security duo analyzed other monitors from other brands, including Samsung, Acer, and Hewlett-Packard, and confirmed that it is theoretically possible to hack them with the same technique.
The two experts shared the code used for the presentation on Github.
“This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device. The research presented here was done in order to highlight the lack of security in “modern” on-screen-display controllers. Please check out our Recon 0xA presentation (included) for a detailed description of our research findings and process. Presentation @ http://www.redballoonsecurity.com/presentation/Recon_0xA_A_Monitor_Darkly.pdf” states the description of the hack on Github
The Lesson learned is that trust our monitor could be a bad idea!
“We now live in a world where you can’t trust your monitor,” said Cui.
(Security Affairs – cyber attack, malware)