After many months of research and testing in reverse engineering, experts from Red Balloon Security, a company that was founded in 2011 by two of the world’s leading cyber-security researchers, found a way to hack a monitor without even hacking the computer.
During DEF CON 2016, an annual hackers convention that attracted over 22,000 good and bad hackers among others from the security industry, Red Balloon chief scientist Dr. Ang Cui and principal research scientist Jatin Kataria showed how to manipulate a monitor by using an HDMI or USB port. During their presentation they exposed how by exploiting a hacked monitor, they added a secure lock icon on a web page that was not there. Think about the consequences from this addition and how it can lead to financial information falling into the wrong hands.
Another example was that they made a zero PayPal account balance appeared to be a $1B balance and a more serious one was that they changed the light status on a power plant’s control interface from green to red.
During their research, they used a Dell U2410 monitor and figured out how to change pixels on the display through the firmware, which was not that, secure. But it’s not just Dell monitors that are at risk, many other brands that we have sitting on our desk at work or home, including Acer, HP, and Samsung, are all vulnerable to the undetectable firmware attack according to the researchers.
As pointed out, for this type of attack to occur, though, hackers need access to physical monitors through the USB or HDMI ports, which may not be a concern for many but there have been many warnings by experts who have said that a country’s infrastructure, especially the US could be at risk if malware is introduced through a USB drive. Research has revealed that if USB drives are left lying around, that nearly 50 per cent of those that picked them up will plug it into a computer. I know it is hardly unlikely that a hacker will try to target your monitor but infrastructure targeting is still a very real threat as well as monitors that are manipulated before reaching its destination.
This was amply highlighted by ExtremeTech, “One of the disclosures Snowden made several years ago was that the NSA had a program dedicated to intercepting systems shipped by Dell, HP, and other manufacturers, modifying the hardware between the warehouse and its destination, then sending it on its way, with the final recipients none the wiser. Targeted interception and modification of this sort is rare, but this is precisely the kind of modification that government-sponsored black hats might use.”
The purpose of Cui and Kataria’s presentation was to raise awareness about computer monitor security and the real threat to infrastructure systems if infringed.
Another result of this sort of hack is that it could be used to spy on what we are doing, what we are seeing, and even pilfer our data. But we can take comfort in the fact that at this time, this type of hack is not an easy one according to the researchers, but then again, with the heavy emphasis on hacking, we will be naive to believe that hackers cannot use this to generate more sophisticated ways to intrude our cyber-lives.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…