Slashdot Mirror


One Billion Monitors Vulnerable to Hijacking and Spying (vice.com)

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...

[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things."

157 comments

  1. please consider by Anonymous Coward · · Score: 2, Insightful

    please consider posting a link to the actual article.

    1. Re:please consider by Wizy · · Score: 5, Informative

      The link to the article is where it always is, right next to the title in green text. This one says vice.com. It has been like this for a while.

    2. Re:please consider by JohnFen · · Score: 4, Informative

      It took me about five minutes to find the link you're referring to. I had no idea that links were provided next to the title on /. -- probably because, at least on my browser, the link is almost entirely covered up by the "Displays" and "Security" icons.

    3. Re: please consider by Anonymous Coward · · Score: 0

      where is it? I can't see it on mobile.

    4. Re:please consider by pete6677 · · Score: 4, Insightful

      This is yet another example of what happens when we keep letting hipster developers ruin the internet by stripping out useful navigation and visibility features.

    5. Re: please consider by Anonymous Coward · · Score: 2, Insightful

      Not everyone likes to progress into idiocracy.

    6. Re: please consider by Anonymous Coward · · Score: 0

      There is no link next to the title and the only green text is EditorDavid's name and a link in the summary that is not the article.

    7. Re: please consider by Anonymous Coward · · Score: 0

      This isn't progress you goddamned idiot. Would you like a cactus shoved up your ass just because someone said it was progressive?

    8. Re: please consider by Anonymous Coward · · Score: 0

      The link's there, but your monitor got hacked.

    9. Re:please consider by thegarbz · · Score: 1

      It has been poor for a while. Especially considering the number of slashdot summaries these days which link to multiple articles. Inline hyperlinking still provides much needed context.

    10. Re: please consider by Anonymous Coward · · Score: 0

      Yes. He loves anal play.

    11. Re: please consider by mwvdlee · · Score: 2

      Yeah pighead, stop being so intolerant of people intolerant of usability and accessibility.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    12. Re:please consider by Anonymous Coward · · Score: 3, Funny

      Your monitor has been HACKED!

    13. Re: please consider by sjames · · Score: 1

      Running around in circles is not progress. A chicken can manage that without its head.

    14. Re:please consider by HideyoshiJP · · Score: 1

      You're just like my parents! You'll never understand whitespace!

    15. Re: please consider by Anonymous Coward · · Score: 0

      That's because there is little difference between not having a brain, and having one but not using it.

      We get told what to think every day, sometimes overtly, most of the time subconsciously. The best way to fight the programming is to be an agent. Buck the trend, ask the hard questions, compare what you observe in reality with what you are being told (media knowledge can't be counted because it is skewed by its nature).

      E.g. "Two in three women have been raped". Have they? I personally know one woman who had been raped, one that has been molested (so let's include that one too). I know about 600 women personally. That means 400 should have been raped if the statistic is true. Therefore 99.5% of those victims have successfully hidden that fact from me. Does that sound reasonable? Not likely! I would expect to know at least 10%, so the number is more like 20 in 600 or less than 5%. Now there are some communities where it will be more common, how representative are those communities? Where I live they represent 3% of the population, so even with 100% in those communities the number is less than 10%. Upshot: I don't believe the statistic.

  2. Wow by Billly+Gates · · Score: 1

    Hacking so successful they took down the link's webserver!

  3. Broken Link by Anonymous Coward · · Score: 0

    The link in TFS goes back to the forum page. Self-referencing itself in an infinite loop, although I didn't check all my pixels, is this how we program the monitor firmware? Clickety click click??

  4. Hacked by Anonymous Coward · · Score: 0

    I am not watching porn, my monitor has been hacked by pixels that resemble naked people in sexy poses.

  5. Link to the story by jeepies · · Score: 2

    Here's a link to the story. Sadly it doesn't include any more detail than the summary.

    1. Re:Link to the story by OzPeter · · Score: 3, Insightful

      Here's a link to the story. Sadly it doesn't include any more detail than the summary.

      And if you squint really hard you'll see that this is the link to the right of the story's headline.

      So while the link was there all along, slashdot once again shows how clueless it is with regards to usability. (That plus the link in the TFS is a circular reference).

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Link to the story by NotInHere · · Score: 4, Informative

      Two links that are ten times more informative:
      http://boingboing.net/2016/08/...
      https://www.defcon.org/html/de...

    3. Re:Link to the story by cruff · · Score: 1

      Yup, that blue link in a blue-green title bar is exceedingly easy to miss. That is a real UI fail.

    4. Re: Link to the story by Anonymous Coward · · Score: 0

      Except when there is no link to the right of the story title.

    5. Re:Link to the story by houghi · · Score: 1

      They do it to show what could be done with the hack in the article.

      --
      Don't fight for your country, if your country does not fight for you.
    6. Re:Link to the story by friesofdoom · · Score: 1

      The first thing that defcon page mentions is there being "multiple x86 processors" inside my monitor. This is what instantly made me close the page and pity anyone who takes any of their information seriously. There are EXACTLY ZERO x86 processors in any modern monitor you buy. There are some ASICs and a low power processor handling the OSD, but not a single x86 processor.

  6. 4/1 by Anonymous Coward · · Score: 0

    It's not April Fool's Day, is it?

    No. No, it isn't.

  7. Has Slashdot been hacked? by kheldan · · Score: 1

    Who the actual fuck is this 'editordavid', and what's with these blatant troll 'stories' being posted? High likelihood in my opinion that Slashdot has been hacked.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    1. Re:Has Slashdot been hacked? by Anonymous Coward · · Score: 0

      Indeed this site has been quite lame for some time.

    2. Re: Has Slashdot been hacked? by Anonymous Coward · · Score: 0

      Your monitor has been hacked

  8. Inexcusable by ytene · · Score: 5, Interesting

    For years now (decades) we've seen cases where a bunch of software engineers thought it would be "cool" to add a new feature in a piece of software, only to implement something insecurely and as a result compromise an entire package or platform. Slowly, oh so slowly, our industry has woken up to the wisdom of starting a design with security and then only adding features when we must, and when they can be shown to be secure.

    Along comes the Internet of Things and suddenly it feels like the hardware industry thinks that it has been given a free pass to go and be utterly stupid all over again. I know it's only been a couple of years since the news broke, but if there is one thing that Edward Snowden taught the world, it's that we weren't being paranoid enough.

    Back when appliances were relatively dumb, countries around the world came up with quality testing schemes to enable consumers to verify that a product they bought had been tested to a minimum range of safety requirements (for example, in the UK there is the Kitemark). We have already passed the point where we need a cyber equivalent.

    Do readers think we'll ever get there? Or do you suppose that there is too much money being spent by lobbyists to ensure that it never happens?

    1. Re:Inexcusable by NotInHere · · Score: 1

      Slowly, oh so slowly, our industry has woken up to the wisdom of starting a design with security and then only adding features when we must, and when they can be shown to be secure.

      Forget it. They will continue to add features, just require everything to be signed by the vendor. It won't affect the NSA, as it simply can send security letters to the vendors to give them the signing keys, they will live on happily, but it will make the security researchers shut up because it can't be used by the "smaller" criminals from Russia or Nigeria or wherever anymore.

    2. Re:Inexcusable by Anonymous Coward · · Score: 0

      Lobbyists? Try consumers. Never assume malice when stupidity will do. People actually BUY Amazon Echo Spy. People who make it actually think it's a good business idea. No need for lobbyists, the industry and its shills are stupid enough all on their own.

    3. Re:Inexcusable by AmiMoJo · · Score: 5, Informative

      Calm down. TFA is bullshit.

      I'm a firmware engineer. Let me tell you a bit about how monitors work internally. The data rate for video is way, way too high for any kind of inexpensive CPU to handle. It's all done by ASICs, which are fixed function. They have a few programmable parameters, but the most you will be able to do is configure things like gamma/contrast/brightness and change scaling options, stuff like that.

      There is a CPU in there (more accurately an MCU), to do menus and talk to the PC, but it can't see what's on screen. The data rate is too high, it doesn't even connect to that bus. It doesn't need to, it just sends commands to the ASIC to do the overlay graphics. So this idea that a hacker could infect the firmware and then communicate via a flashing pixel is bollocks, the CPU can't even see the pixels.

      Apart from bricking or irritating the user, I can't see any practical use for this. If the hacker can get to the point where they can talk to the monitor's firmware anyway, they already p0wned your system remotely or are standing next to it. I can't really see much opportunity for an evil maid attack.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re: Inexcusable by Anonymous Coward · · Score: 1

      As a display technology engineer, I find it plausible that a hacker could use the overlay to display a simple image in place of the usual content or flash a 1x1 pixel region at full frame rate.

    5. Re: Inexcusable by Anonymous Coward · · Score: 0

      Either way, it seems nothing is trustable anymore, and probably hasn't been for some time.

      Has anyone decided f*ck it, and joined the Amish? The idea is tempting, because we don't really need all this computerized networked stuff to live a life. Life would probably be a whole lot more fulfilling without it. Problem with Amish is they're a bit too extreme for me, I'd miss at least one "technology" hobby I like, and that's ham radio.

    6. Re:Inexcusable by PurpleAlien · · Score: 1

      It's not the engineers that think that. It's their managers and the marketing department: new cool features can be charged for and gives a competitive edge, because that's what your average consumer wants. In contrast, security is seen as a cost. You need dedicated people for security, code review, etc. and all of that costs money. It can delay a product. It can make the product more expensive. This is counter to what the consumer wants: cool stuff as cheap as possible. This is why security sucks.

      Incidentally, part of the blame here lies with the consumer. With the pressure to go cheaper and cheaper, corners are cut, manufacturing is moved overseas, coding and engineering are outsourced to copy-paste OEMs, all in the name of making things as cheap as possible. Then, that same consumer complains that jobs are taken away. Not saying this is the only reason (profit being the obvious other one), but it does have an impact. This all in the end means security is seen as not important, so no one cares.

      --
      My blog, if you're interested: http://www.purp
    7. Re: Inexcusable by mobby_6kl · · Score: 1

      >As a display technology engineer, I find it plausible that a hacker could use the overlay to display a simple image in place of the usual content or flash a 1x1 pixel region at full frame rate.

      Well I'm not a display engineer like you or the parent, but yes, it's pretty obvious that if you modify the firmware responsible for the OSD, you could overlay goatse or something. That's annoying, but not really a huge issue, and as the other pointed out, at that point you'd be already fucked anyway.

    8. Re: Inexcusable by Yvan256 · · Score: 3, Funny

      Has anyone decided f*ck it, and joined the Amish?

      Some of us did.

      Sent via courier pigeon.

    9. Re:Inexcusable by Yvan256 · · Score: 1

      It's their managers and the marketing department: new cool features can be charged for and gives a competitive edge, because that's what your average consumer wants.

      Wrong.

      It's their managers and the marketing department: new cool features can be charged for and gives a competitive edge, because that's what the managers and the marketing department think the average consumer wants.

      One dumbass manager thinks of a stupid idea and pushes it into a released product and then all the other dumbass managers of all other companies copy the dumbass idea so they're not "left behind".

    10. Re:Inexcusable by Anonymous Coward · · Score: 0

      Worked on a video processing platform RTL design. At least in this case the CPU could access the pixels. Of course not at the frame clock, but it could read the framebuffer.

    11. Re:Inexcusable by Anonymous Coward · · Score: 0

      Either way, I just EBayed my additional screens to reduce my attack surface!

    12. Re:Inexcusable by Anonymous Coward · · Score: 0

      For years now (decades) we've seen cases where a bunch of software engineers thought it would be "cool" to add a new feature in a piece of software, only to implement something insecurely and as a result compromise an entire package or platform.

      Let me paraphrase in the language of my mind- For years now (decades) we've seen cases where a bunch of software engineers thought they might be able to keep their jobs and feed their families by adding "cool" new features to pieces of software. They did so under crazy timelines generated by superiors with better stock positions, in an attempt to avoid losing their jobs, resulting in compromises to the entire package or platform.

      Don't forget- children were fed.

    13. Re: Inexcusable by Anonymous Coward · · Score: 0

      Only 5 or so times a week (or 6 or 7 if I'm working weekends). About the same as the number of times I regret choosing IT as a career.

    14. Re:Inexcusable by tohasu · · Score: 1

      thanks for this. I thought there was something improbable about the "billions of monitors" headline but I don't have the tech expertise to know what.

    15. Re: Inexcusable by PhunkySchtuff · · Score: 4, Funny

      [user@localhost ~]$ ping yvan256.amish.org
      PING yvan256.amish.org (144.131.380.158): 56 data bytes
      64 bytes from 144.131.380.158: icmp_seq=0 ttl=59 time=14.368 hrs
      64 bytes from 144.131.380.158: icmp_seq=1 ttl=59 time=11.156 hrs
      64 bytes from 144.131.380.158: icmp_seq=2 ttl=59 time=12.062 hrs
      64 bytes from 144.131.380.158: icmp_seq=3 ttl=59 time=11.772 hrs
      64 bytes from 144.131.380.158: icmp_seq=4 ttl=59 time=11.867 hrs
      ^C

    16. Re:Inexcusable by Anonymous Coward · · Score: 0

      "Don't forget- children were fed."

      Fed to what?

    17. Re:Inexcusable by PurpleAlien · · Score: 1

      There is a large group of consumers that actually do want a lot of those silly things. Just look at some of the Kickstarter projects that are out there, or some of the IoT stuff that people want for example (Internet connected light bulb anyone?), or people who buy new phones as soon as a new model comes out just because it's the new model with cool new features. Of course, I agree that there is also a disconnect between what consumers want and what a company thinks they want as well. It's both.

      --
      My blog, if you're interested: http://www.purp
    18. Re:Inexcusable by swb · · Score: 1

      I don't spend any time on kickstarter, but my perception based on the kickstarter projects I do end up hearing about tend to be either totally unique products for which there is no market equivalent or products with features or functionality which no market equivalent has or does well.

      This would seem to dovetail with the sheer volume of product "hacks" out there and the web sites which focus on them, from lifehacker to instructables to a lot of YouTube videos showing you how to mod something or use common parts/ingredients to make or modify something to do its job better. Kickstarter just seems to be a way to buy these things out of the box without having to do the modding yourself or for things where modding just isn't practical.

      I think the better answer is your last one -- the market forces features we don't want and doesn't improve the features we do use. The former often seems to be features guided by MBA spreadsheets calculating added profit margins and estimating market lock-in they can achieve.

    19. Re: Inexcusable by Anonymous Coward · · Score: 0

      I'm impressed that you were able to record 60 hours of pings in 3.5 hours. Those Amish folks must have some next-gen time traveling pigeons.

    20. Re: Inexcusable by Yvan256 · · Score: 1

      Amish: The Next Generation

    21. Re:Inexcusable by Anonymous Coward · · Score: 0

      Unless they're not ASICs, but FPGAs that load their code at boot (turn on) time.

    22. Re:Inexcusable by PurpleAlien · · Score: 1

      Fair enough. My experience with the former comes from even e.g. businesses we write software or make hardware for which often want completely useless features because they look cool. I'm sure the latter dwarfs the first in absolute numbers.

      --
      My blog, if you're interested: http://www.purp
  9. Good grief: Now we need an i²c firewall! by burni2 · · Score: 1

    And an anti-virus running on the monitor firmware ..

    or we just need openfirmwares, when a product runs out of commercial interest everything needs to be opened up.

    No more arguments because the product is not sold anymore .. .. except it's just rebranded, facelifted and sold as the new year edt.

  10. Why would monitors execute their input? by Anonymous Coward · · Score: 0

    Hardware engineers surely know that eval is evil. Or don't they? Why would they need anything other than an ISP interface tucked away on an internal circuit board, with the port fused after QC? It's not like monitors get firmware updates.

    1. Re:Why would monitors execute their input? by Anonymous Coward · · Score: 0

      http://support-us.samsung.com/cyber/popup/iframe/pop_troubleshooting_fr.jsp?modelname=S27A550H&from_osc=&idx=429824

    2. Re:Why would monitors execute their input? by Desler · · Score: 1

      Non-junk monitors get upgrades.

    3. Re: Why would monitors execute their input? by Anonymous Coward · · Score: 0

      DDC/DPAUX i/o has been known to cause crashes in monitors before. What if these are buffer overflow events?

    4. Re:Why would monitors execute their input? by Anonymous+Brave+Guy · · Score: 1

      Non-junk monitors don't need upgrades.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    5. Re:Why would monitors execute their input? by Anonymous Coward · · Score: 0

      Samsung USB powered monitors.

  11. Link is broken, but doesn't say anything useful by Anonymous Coward · · Score: 3, Insightful

    The link is relative instead of absolute so it's easy to find where it should go.

    But the article just says "omg! Be scared! You must be more scared! They could destroy the world!" but says absolutely nothing about what the attack actually is or what is required to exploit it.

    Having magic images that take over all monitors strains credibility to the breaking point. But monitors have I2C connections to the video source, for reporting their resolution and for other non video data. It's not at all implausible that this could be used to attack the monitor, which could then be triggered by video data later. Of course the attacker would have to have physical access first, or remotely hack the video driver, in order to send the I2C commands.

    And of course some monitors have USB connections (say for speakers) that might be an attack surface, but that is a much narrower target than the article claims.

    Basically this is just junk reporting. 204 no content.

  12. Is this done through the DDC interface? by Anonymous Coward · · Score: 0

    Just my EUR 0.02 but my guess is that this hacking is done over the DDC (essentially an I2C interface) channel on the VGA/DVI port.
    If some clever (...) designer also made firmware updates possible over this interface then it could be feasible.
    Still I don't believe these microcontrollers inside a monitor have lots of ROM/RAM to spare for these kinds of extra software.

  13. S U K A S by Anonymous Coward · · Score: 0

    Call it something they fear and feed them baloney and they just eat it up!

  14. Re:requires physical access to USB port by dan42 · · Score: 3, Informative

    Monitors, like many electronic devices today, have a factory-use port that is usually not intended for use after the product ships. The "flaw" to fix is allowing unsigned firmware to be accepted on this port. Or at least cover it with foil tamper tape...

    networkworld
    tomsguide

  15. Use old monitors by KiloByte · · Score: 2

    While this was not my original reason, this article makes me smug for using a pair of old 1280x1024 monitors. I run one over DVI, one over VGA. Especially VGA ones are a dime a dozen, if you shop around you can get a high quality used one under $20. With old monitors it's random whether you get one that flickers, has a high blue/etc loss or similar flaws -- but even if you can't return, it's $20 for another try. VGA ones also require adjustment, but if you press auto-adjust over a proper test screen rather than your desktop, analog-to-digital artifacts can be almost completely eliminated.

    VGA provides no way for smuggling malware, and DVI ones are way too old to be vulnerable to such tricks. As an extra bonus, you get a sane aspect ratio rather than a modern narrow strip.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Use old monitors by Aighearach · · Score: 1

      Sorry to burst your smug bubble, but...

      http://hackaday.com/2014/06/18...

      No, that doesn't make you safe.

    2. Re:Use old monitors by Desler · · Score: 1

      Tell us also about how you wear onions on your belt and shake your fists at clouds.

    3. Re:Use old monitors by KiloByte · · Score: 1

      It's not about the analog port, it's about the monitor being old and thus "dumb".

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    4. Re:Use old monitors by Yvan256 · · Score: 1

      I just lost all my data because of those damn clouds! /shake fist angrily at the sky

  16. Re:Once again, analog is better by NotInHere · · Score: 2

    CRT is outdated technology and there is residual radiation. It requires heavy glass and you can't build larger screens with it.

    I fully agree that there shouldn't be such a sideloading API for monitors and that the monitors should be as dumbed down as possible, but I don't think that CRT is the answer. The task the firmware of a monitor executes should be so simple that it can be done right and without security bugs, can't it?

  17. Story is insulting to slashdotters by BenJeremy · · Score: 5, Insightful

    Wow, some idiot discovered there is a data channel to monitors... that has no practical "hacking" application. Said channel is frequently only used to transfer information about the monitor to the hosting device.

    This isn't Hollywood, but expect some moron screenwriter to now use this in their plot.

    1. Re:Story is insulting to slashdotters by MikeDataLink · · Score: 1

      Exactly!

      --
      Mike @ The Geek Pub. Let's Make Stuff!
    2. Re:Story is insulting to slashdotters by Aighearach · · Score: 1

      Yeah, but if you hack the video cable... you can change the video! z0MG!!!!!!

    3. Re:Story is insulting to slashdotters by Anonymous Coward · · Score: 0

      the opposite attitude to yours is "foss firmware matters". Your attitude is why we can't have nice things.

    4. Re:Story is insulting to slashdotters by seksi-seppo · · Score: 1

      This isn't Hollywood, but expect some moron screenwriter to now use this in their plot.

      Thank you, Sir, for your comment made my day.

      In general, interesting question is what kind of firmware update mechanisms are in place during normal operation and whether they could be compromised. And I have the feeling that monitors are least interesting ones in this pool. Watch the JTAG lines on PCI bus! However, if attacker can access these mechanisms we can safely assume she could do anything she wants by conventional means, eg by asking the graphics card nicely to display desired image, no need to bother with monitor firmware...

  18. Terror by Anonymous Coward · · Score: 0

    I can see how this can affect airlines as well. Could this lead to the next waves of terrorist attacks? There should be measures placed to prevent things like this.

    1. Re: Terror by Anonymous Coward · · Score: 0

      If we remove the people, the terrorist won't have anything to target. This final solution will begin once Trump has built his wall to stop you getting out.

  19. Re:Security missing in education by amigabill · · Score: 4, Interesting

    I'm just finishing up an MS degree in Electrical and Computer Engineering, my BS degree was in Computer Engineering. While we're being taught coding, and I started in CE instead of EE to get a stronger focus on the computer science portion, I've never been taught about secure programming. The CS portion of the CE degree mostly used Modula-2 at the time, to impress the importance of consistent typing and what not, but in terms of how to make your code secure from malware attacks, or what a security weakness looks like or how to correct it, I've never seen that in general programming or embedded programming courses. I have no idea... And I don't know where to go and get an idea. I understand it's important, and after I do my last presentation for my last course in MS degree this coming week, I do want to seek out some resources about how to do that. I have a book about TDD for Embedded C programming, but surely that's not enough for security coverage, it seems more about correct functionality. I suspect that one could pass functional testing yet still have security holes...

    So where do I go to learn effective "secure programming"? Do I go and take some MOOCs about white-hat hacking to learn how to break in, and then try not to leave those holes? Are those things applicable to embedded programming, or are they only about breaking into servers and websites?

    I look forward to good suggestions, so that more of us can become capable of doing better in this regard.

  20. Sounds like sensationalist bullshit to me by gweihir · · Score: 5, Interesting

    First, the attack surface of a monitor is pretty bad. In VGA, all you get is an I2C line. It will be hard to even mount attacks. Second, there are a lot of different firmware versions out there. And third, no, the "computer" in a monitor cannot usually read individual pixels (or any screen-content at all), it is by far not fast enough for that and it will usually not even have access to that data-stream. This "Computer" is a small MCU, not anything general-purpose or fast.

    Seems to me somebody wants to improve their fame by posting horror-stories with little or no connection to actual reality.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Sounds like sensationalist bullshit to me by Anonymous Coward · · Score: 0

      Nothing is impossible, I once saw a guy cold hack DoD's 128-bit DBase encryption in less than sixty seconds, while getting head.
      / I've watched that movie more than once, which is why I'm posting AC

    2. Re:Sounds like sensationalist bullshit to me by Aighearach · · Score: 1

      They don't seem to claim it can read the screen, just that it can write to the screen...

      The attack scenario seems to involve having people physically in the same room with the monitor controlling the gag, but only having to hack the monitor in advance. The only tiny thing this gives them is that they don't have to have a dongle plugged into the monitor cable at one end in order to fake what is on the screen.

    3. Re:Sounds like sensationalist bullshit to me by Anonymous Coward · · Score: 0

      when I read the summary I implied part of the key attack surface was a malicious video stream. I.e. somehow a maliciously 'watermarked' video stream walks into the back/brokendoor. I don't actually think it's that far fetched to imagine that a handful of the biggest smarttv vendors might have been infiltrated by the NSA to add such functionality. I.e. stingray some slightly modded OTA mpeg stream that tells the smarttv to start leaking out details of the channels (or thumbnails) and times watched by the viewer. (as a start of evilness). O lord, what a bus hdmi is....

    4. Re:Sounds like sensationalist bullshit to me by gweihir · · Score: 1

      For a smart TV you are certainly correct, because a smart TV is a full-fledged computer. But a computer monitor is an entirely different thing that has almost no computing power and only a few hundred bytes of EEPROM storage and that is basically it.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Sounds like sensationalist bullshit to me by c · · Score: 1

      First, the attack surface of a monitor is pretty bad. In VGA, all you get is an I2C line.

      Yeah, I don't see VGA being vulnerable.

      However, I wouldn't be even slightly surprised if there's some lovely vulnerabilities in HDCP implementations.

      --
      Log in or piss off.
    6. Re:Sounds like sensationalist bullshit to me by bloodhawk · · Score: 1

      They appear to be claiming you could be hacked by a malicious video stream, for that to occur the MCU would have to be reading the video stream, which for most monitors it can't and doesn't.

  21. 404... by Anonymous Coward · · Score: 0

    ... is not an article. Is this real or BS? Source cite!!!

  22. This is why... by wbr1 · · Score: 4, Funny

    ...I only used punched cards. Including that box of random cards I found in the parking lot.

    --
    Silence is a state of mime.
    1. Re:This is why... by Bing+Tsher+E · · Score: 1

      I am modern and use an ASR-33 Teletype.

      You get used to the faint oily smell and the UPPER CASE ONLY after awhile. The punch tape reader/writer is handy for data and program storage, but it's only 110 baud just like the rest of the teletype.

  23. Not on mobile as of the writing. by Anonymous Coward · · Score: 0

    You Smug asshole

    1. Re:Not on mobile as of the writing. by Mats+Svensson · · Score: 1

      Yeah!
      You know who also liked well designed interfaces and proper usability and attention to detail?
      HITLER!

  24. Terror by Anonymous Coward · · Score: 0

    I can see how this can affect airlines as well. Could this lead to a new form of terrorist attack? What are some of the precautions that could be taken to avoid this form of hacking?

  25. Electricity & space by stabiesoft · · Score: 1

    Those old CRT monitors are not as inexpensive as you might think. A modern LED/LCD monitor draws basically 0 watts relative to the 200-400W a high end CRT one draws. If you run that 8 hours/day figure 70-130 dollars a year in electricity use. And in areas like Hawaii, you can triple that. Also I noticed massively more desk space when I finally moved off my 21" CRT's to panels.

    1. Re:Electricity & space by KiloByte · · Score: 1

      Eh, why would anyone use CRT? There's been a decade of fine LCD ones before the aspect ratio went apeshit.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    2. Re:Electricity & space by Yvan256 · · Score: 1

      KiloByte didn't mention CRT in his comment.

      I'm still using my old ViewSonic VP171s, for example.

    3. Re:Electricity & space by Anonymous Coward · · Score: 0

      That would be a myth. The power usage for normal desktop sized monitors is not that different between CRTs and LCDs. I'm using two 17" CRTs right now. They use 45W each, I measured it. Video cards use more than that these days.

    4. Re:Electricity & space by Alioth · · Score: 2

      That's not quite right - old monitors aren't nearly as thirsty as you state and new ones not nearly as thrifty. My modern LED backlit HP monitor consumes 35 watts (which is a far cry from 0 watts!). My old Sun 21inch Trinitron-tubed monitor used 135 watts (quite a bit less than the 200W-400W you supposed).

  26. Debatable by Anonymous Coward · · Score: 1

    The presentation summary (https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Cui) starts with the following statement "There are multiple x86 processors in your monitor".

    In my experience this is incorrect. x86 processors are far too expensive for this task. Most monitor LCD controllers I have seen contain an 8051 CPU of some sort. Also there are quite a few differences in the controlled OSD implementation between different manufacturers for someone to mount an effective attack that would affect "billions of monitors".

    With the LCD controllers I'm familiar with, the OSD functionality is quite primitive. You can obscure part of the screen, but making a fake dialog box would be quite tricky. From experience the firmware is updated via the DDC channel on the VGA port, and needs special hardware. Some manufacturers support updating the firmware via the monitor USB port, which is what the article alludes to, but not all monitors have USB built in.

    I'll admit it is a cool attack vector, but "billions affected" is a stretch.

  27. If we just had special programs by drolli · · Score: 2

    which run in a special protected mode of the computer and abstract the attached HW interfaces so that a program can not control the HW directly but a well defined subset of functions on this HW by calling another program.

    Let's call the first program "os kernel" and the second one "device driver", and let's call the mode of the processor "ring 0".

    To be clear on it: I would hope that the monitor firmware is somehow signed. OTOH, hacking my monitor still would require to pass the device driver on the computer, so I am not terribly worried, since the 1 Billion monitors do not have a coherent interface to firmware manipulations, and the picture that a pixel "uploads code" is accurate only on a very abstract level, since in most monitors these pixels probably are not processed in the memory which can execute code. Those institutions with enough programming capacities to hack these already would have had access (swapping packets at the post) before delivery to circumvent it all.

  28. My messages vanish all the time now...trying again by MindPrison · · Score: 3, Insightful

    I don't know what's wrong with Slashdot these days, but 50% of all my posts "magically vanish" these days.

    I'll try again, shorter story but you'll get the gist of it:

    This isn't new. Your camera, your keyboard and virtually any gadget has an embedded system in it, they have an entire computer in it if you like, they can easily fit a whole server gateway in there. But it's not as easy to do this as it might seem, so most of you have very little to worry about. Example. Say your monitor now has been successfully infiltrated with malicious code now, it still has to "hack" your windows installation and place a relay daemon there that'll have to avoid being detected by your anti-virus software or windows defender. Furthermore, if the malware is neatly compressing and transporting the image from your monitor on a separate protocol layer, you still have to have some kind of hidden client that can relay these packets to the network card or windows socket for the network card...or use the drivers, or inject into a stream of packets...all these things open up an entirely new can of worms. Not even Windows knows all the networks in the world, I have a relatively modern computer...one of the most high end, and yet Windows 10 that came on a USB memory didn't even know what network chip my computer had, imagine a small embedded system entirely on its own...trying to figure out how to operate your computer's network card, yay...good luck with that.

    It's not as dangerous as it seems, I'd worry more about that little independent computer that resides inside your INTEL processor.

    --
    What this world is coming to - is for you and me to decide.
  29. Re: Once again, analog is better by Anonymous Coward · · Score: 1

    Seriously, CRTs? I suppose you advocate the return of leaded gasoline and DDT too.

  30. Re: Security missing in education by Anonymous Coward · · Score: 2, Insightful

    Maybe start with this: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228

    There are a lot of free and paid resources out there. The difference I feel like is the paid ones hold your hand and walk you through, while the free ones require a little more knowledge on the topic. This is an exception, not a rule.

  31. Re:Once again, analog is better by Anonymous Coward · · Score: 0

    no need for a CRT to have a VGA port. HDMI and pretty much all digital ports came so hollywood can have DRM everywhere

  32. Re:Once again, analog is better by Shimbo · · Score: 1

    This could never happen with an analog monitor (i.e. vga) in the same way "accidentally" throwing your car into reverse in a manual transmission car is impossible, unlike the weekly stories we hear about people and their automatic cars plowing into buildings.

    Except that VGA usually has a digital side channel these days; BENQ has firmware updates over VGA for some models.

  33. Re:My messages vanish all the time now...trying ag by Anonymous Coward · · Score: 3, Funny

    Your messages aren't "vanishing". Hackers have hacked your monitor to make it look that way.

    Dump-a-Drumpf 2016/Forever

  34. The link in the article is self referencing. by Anonymous Coward · · Score: 0

    The link in the article is self referencing. Editing at its best.

  35. So, this now seems appropriate. by fahrbot-bot · · Score: 4, Funny

    Who monitors the monitors?

    --
    It must have been something you assimilated. . . .
  36. Ah... by XSportSeeker · · Score: 1

    The Internet of Hackable Things...

  37. HI, I trust everyone :) hack me please!!! by pinheadcelt · · Score: 1

    Stop accepting unsigned firmware updates over insecure channels. This isn't 1980 any more.

    --
    -- The pinhead celt
  38. Re:Once again, analog is better by JohnFen · · Score: 4, Interesting

    This could never happen with an analog monitor

    True. With an analog monitor, you have to use Van Eck phreaking instead.

  39. How is this different? by Anonymous Coward · · Score: 0

    I don't trust any of the pixels on my monitor now...

    Especially when it comes to articles like this.

  40. Re:My messages vanish all the time now...trying ag by Anonymous Coward · · Score: 0

    It's been clear to me for a few weeks that the new owners like to remove posts if they don't like or agree with them. I've read others saying the same, and of course I've seen a couple of my own posts removed, too.

  41. Re:My messages vanish all the time now...trying ag by Aighearach · · Score: 2

    They changed the JS; if you block most of it, but whitelisted some, you have to add one of the new JS domains in to have it keep working. It seems to change which code it is actually using depending on if you clicked on nested stories already, or something. It looks like a bug that just only bites some people, and they don't mind the sloppy code so it stays.

  42. Re:Security missing in education by PurpleAlien · · Score: 1

    I guess it depends on your school. I used to teach security aspects (with programming and others such as embedded systems) both at Bachelor and Master levels....

    --
    My blog, if you're interested: http://www.purp
  43. Re:requires physical access to USB port by Burz · · Score: 1

    That is a "fix" only if vendors maintain perfect security of their keys. The better solution would be to prevent any modification without a convoluted physical attack on the device innards... using ROMs for instance.

    Also, knowing that endpoint security cannot realistically have multiple TCBs acting in parallel (hence, a large attack surface), the best design decision is to make critical peripherals (like keyboards and displays) as dumb as possible.

    The complex bits should either be in the CPU or tightly bound to it. Otherwise, if you need to add complexity from other vendors and/or use flimsy security, then such peripherals can be contained in unprivileged contexts.

  44. Typical bullshit hype by ukoda · · Score: 1

    Yes, it may be possible to hack some monitors but generally this is bullshit. I have worked on the development of monitors so know that most simply can not be hacked in the way they suggest. The first criteria of most monitors is they are cheap. The second criteria is they work. Once you understand that then you realise the only way to hack most monitors is with a special programming card (some can be updated via a USB port). The fact is you typically have a low spec 8 bit micro controlling a high speed switch/amplifier. The I2C channel is typically connected to an EEPROM and can not be used to program the micro. The CEC is a custom UART type port that also does not offer ISP functions. The micro controller can overlay low res graphics but has no ability to read the actual high speed video stream because to do so costs money, see criteria one, and is not needed for it to work, see criteria two.

    The simple way to see this is bullshit is to ask yourself when was the last time you updated the firmware in your monitor?

  45. Re: Once again, analog is better by Anonymous Coward · · Score: 0

    To be fair, CRTs and Leaded petrol are still in use in some places.

    I do like CRT's still tho - It's only very recently that LCDs have gotten anywhere near the DPI that a CRT is capable of, and CRT's are still much better than LCDs at displaying arbitrary non-native resolutions.

  46. Wait what? by Anonymous Coward · · Score: 1

    You mean /. links to an actual real article?

    Here all this time I thought it was just some random conjecture summary, then everyone goes straight to the comments to bitch about the app app luddite guy, something Trump, how some #lives matter, how W10 just fucked them, Apple fanboys, Linux/Desktop, basically nothing about the subject, just like this dumb comment.

    Maybe I'll just read the actual articles from now on, and skip all this shit. Peace motha fuckahs, I'm out! Deleting my Anonymous Coward account now...

  47. Re:Security missing in education by Dutch+Gun · · Score: 2

    Perhaps read some of Bruce Schneier's books. Applied Cryptography was an early one, but there are more recent books out now. I'd start listening to the Security Now podcast as well, as it provides some great examples of "how to do things wrong", and teaches a lot of fundamentals. Steve Gibson has written some real life crypto products, and does his homework on topics of the day.

    Essentially, I've learned just enough to know that, even as a 20-year veteran programmer, I'm not sure I'd be able to write a secure system, as it's just not my expertise. It's horrifically difficult to do it right without a huge amount of experience specifically in that field. If anyone tells you it's simple to do, they're a liar or a fool. Never, ever try to invent your own security protocols, and especially never invent your own cryptography behind closed doors. It's pretty much guaranteed that you'll get things disastrously wrong unless it stands up to a *lot* of open review by cryptography experts. Search WEP security for a history lesson.

    Unfortunately, IoT companies are filled with lots of smart young engineers who have no idea security is so impossibly hard to get perfect on the first try, and they're building unbelievably stupid security flaws into all these internet-facing devices. Buy an IoT baby monitor today, and you've got reasonably good odds that anyone in the world could view your baby cam with only a modest amount of effort. It's actually that bad right now.

    Good on you for being willing to acknowledge that you need to know more about the fundamentals.

    --
    Irony: Agile development has too much inertia to be abandoned now.
  48. Re:My messages vanish all the time now...trying ag by MindPrison · · Score: 1

    This makes sense to me. That could be it.

    What I guess might have fooled me could be that after I preview and click submit, it "pretends" to be there, it was even there in my profile, but after I came back it was gone. Happened twice to me lately.

    I've tried to accept all things from this site with Adblocker, but every time I accept, there's always new ones to accept...accept...and then when I am in edit mode there's more to accept, even in preview mode.

    --
    What this world is coming to - is for you and me to decide.
  49. Are you serious? by KenHansen · · Score: 1

    [T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.

    This can't be serious.

    The idea is my monitor, and millions more, are designed to take firmware updates over a video connection (VGA, HDMI, DisplayPort), and that there is enough available space in the storage of the controller to either cause my monitor to suddenly sprout a webcam, feed video images into malware on my desktop and send the images back to someone out on the Internet (The 'Spy on you' claim above.), or the software loaded into the spare space in my monitor from the video connection is sophisticated enough to implement a faux emergency condition in a power plant (The 'Faking an emergency' claim above.)?

    Horse shit.

    I eagerly await a demonstration of this miraculous feat.

  50. Who needs a monitor hack...... by Anonymous Coward · · Score: 0

    .....when you can have 20 year old hipster 'programmers' warp and destroy the interface through their sheer incompetence in designing it.

  51. Not Entirely Benign by ytene · · Score: 3, Interesting

    Really appreciate your post - there's some useful information in there.

    However, with what you've explained [and, perhaps, in a way that is not remotely connected to the original article], there's another interesting possibility here.

    Back when I was a kid in the 70s [maybe early 80s], the UK ran a television commercial from "Habitat", a UK company which offers home furnishings, kitchenware, linens, that sort of thing. All very stylish, modern and chic.

    The commercial was accompanied by an audio soundtrack that included some very fast-tempo clapping, so that the images on the screen could change incredibly rapidly. This commercial ran for a little while - and Habitat seemed to do very well out of that particular campaign. Then along came a neuro-psychologist from one of the UK universities and pointed out that what Habitat had actually been doing was actually creating subliminal impression. Brainwashing, pure and simple. Apparently, it's possible to "flash up" an image very quickly, so quickly that your conscious mind won't even register it, but in such a way that your subconscious mind can actually read and store it. Later, when you go into light sleep and your brain transfers short-term memories to long-term storage, these images and their messages get imprinted...

    So whilst this little detour may not have a huge amount to do with the OP, there are maybe some threats to the user of a computer in which the video system has been compromised. And interestingly, those threats might not be directed at the computer at all, but at the user.

    Very difficult to spot, too, I'd reckon...

    1. Re:Not Entirely Benign by drinkypoo · · Score: 1

      The commercial was accompanied by an audio soundtrack that included some very fast-tempo clapping, so that the images on the screen could change incredibly rapidly. This commercial ran for a little while - and Habitat seemed to do very well out of that particular campaign. Then along came a neuro-psychologist from one of the UK universities and pointed out that what Habitat had actually been doing was actually creating subliminal impression. Brainwashing, pure and simple. Apparently, it's possible to "flash up" an image very quickly, so quickly that your conscious mind won't even register it, but in such a way that your subconscious mind can actually read and store it. Later, when you go into light sleep and your brain transfers short-term memories to long-term storage, these images and their messages get imprinted...

      This is a lot of shit. It's been shown time and again that subliminal advertising doesn't work at all. You can put messages to the subconscious into advertising but the results are completely unpredictable because everyone's subconscious is different.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Not Entirely Benign by Anonymous Coward · · Score: 0

      If you're working on the margins that (say) spam email works on, I'd say it's worth a try. You might infect a few million monitors and get a 0.1% uptake.

  52. Re:Security missing in education by Cederic · · Score: 1

    Hmm. Writing a secure system is relatively easy. Unless you want it to receive arbitrary inputs.

    Then it's a matter of trusting nothing.

    If you do have to trust something (e.g. a firmware update) then that's where life gets interesting. Very few programmers ever need to get that complicated though.

    Defensive programming techniques are straightforward and generally just require the programmer to be a cynical untrusting bastard.

    Any programming course should tell you to validate your inputs. Beyond that, just put on your twisted bastard hat and think how to break your own system; only a handful of people worldwide can come up with the really serious hacks like monitoring temperature differentials within the CPU to break wifi encryption keys, and nobody teaches you how to defend against them anyway.

  53. Complete Bollocks by StueyNZ · · Score: 3, Informative

    Subliminal advertising is complete bollox http://www.snopes.com/business...

  54. Coming soon to... by StueyNZ · · Score: 1

    ...a CSI:Cyber episode soon.

    1. Re:Coming soon to... by Anonymous Coward · · Score: 0

      Perhaps this is how they shout "ENHANCE!!" at the screen, and it always does. And instantly too!

      I've always wondered at the implications for the techs shown. If image enhancement was as easy as shouting Enhance at the screen, why didn't the tech already do this? And no, it can't be because of the supposed exciting real-time information flows. It would still be the case that the Tech would simply announce they were enhancing the image, or maybe they would even do it without attracting any attention at all to the process.

    2. Re:Coming soon to... by jbmartin6 · · Score: 1

      Probably they would need someone to write a GUI in Visual Basic first

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  55. Re: Once again, analog is better by Anonymous Coward · · Score: 0

    Your VGA CRT still has digital pins for accessing EDID over DDC/I2C. Unless it's super old and before the SuperVGA and multi-sync era.

  56. Re:Once again, analog is better by Anonymous Coward · · Score: 0

    indeed, the major win for digital versus analog in monitors and elsewhere emsec-wise is van-eck-phreaking distance i presume

  57. Re:Security missing in education by Dutch+Gun · · Score: 1

    "Validate your inputs" is a good start, but doesn't really cover all cases, because you may not simply be parsing data coming from untrusted sources. Say, for example, that you need your IoT hardware device to talk to a user's smartphone. That probably involves a round-trip through the user's router, to a remote server, and then back to the user's phone, and there are many, many mistakes you can make here - probably in the name of "simplicity" or "economy". I'm not sure building potentially vulnerable internet-facing systems is as rare as you think, as more and more software and hardware is going online.

    The more you learn about crypto and security, the more you realize it's unbelievably hard to get it right. I'm also skeptical of the notion that "only a few people in the world know how to do x" is any sort of protection. These sorts of exploits tend to get publicized, and once they're known and put into convenient exploit kits, any script-kiddie can deploy them.

    Also, that's precisely why you have to rely on well-trusted crypto libraries and vetted standards. For instance, one side-channel attack involves listening to CPU hardware as it takes different branches based on secret key input. Researchers have actually been able to determine secret keys in that manner, with nothing but physical access to a machine's ethernet cable, or listening to a CPU in one VM from another VM. Even though this is still a laboratory-only attack at the moment, well-known crypto libraries still take active steps to mitigate it by ensuring no branching is done based on input data.

    --
    Irony: Agile development has too much inertia to be abandoned now.
  58. Re:Security missing in education by Cederic · · Score: 1

    True, but by the time you need to be building that level of security into the system you're going to need to be a domain expert anyway.

    Most programmers write websites and business systems. Let the libraries deal with the difficult bits and code 'properly' to cover the rest. Even stuff like cross-site scripting or SQL injection is mostly covered by 'code properly' and 'trust no inputs'; too many people sadly fail even at that level.

  59. Re:Once again, analog is better by Anonymous Coward · · Score: 0

    This could never happen with an analog monitor (i.e. vga)

    EDID digital signalling on vga has been around for 20 years, and there has been all sorts of uncommon issues and corner cases that pop up, where either the video card/drive combo or the monitor produces malformed information or doesn't handle standards fully. I remember at least one case where X would crash if I brought up the on screen menu of an old CRT. Another monitor generated a bunch of repeating error log entries that got annoying on an older machine with less cpu and harddrive space to be constantly dealing with that.

    in the same way "accidentally" throwing your car into reverse in a manual transmission car is impossible

    You must have never driven an older three on the tree or similar four speed configuration where the reverse is easy to get into when you're trying to shift into second. It took some effort with a nice, newer transmission in good shape, but when you had crappy synchros and a car with a near useless first gear ratio, you had to be aware of the potential problem.
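
Added example, not part of the comment above or of the original thread: a host-side check that treats the 128-byte EDID base block read over DDC as untrusted input, the defensive counterpart to the malformed-EDID crashes described there. The function names, status codes and the sample block (placeholder vendor ID "XYZ") are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EDID_BLOCK_LEN 128

enum edid_status {
    EDID_OK = 0,
    EDID_ERR_LENGTH,     /* fewer than 128 bytes were read */
    EDID_ERR_HEADER,     /* fixed 8-byte header pattern missing */
    EDID_ERR_CHECKSUM,   /* the 128 bytes do not sum to 0 mod 256 */
    EDID_ERR_VENDOR,     /* manufacturer ID is not three letters A-Z */
    EDID_ERR_TRUNCATED   /* extension count exceeds the data actually read */
};

struct edid_info {
    char     vendor[4];  /* three-letter ID, NUL-terminated */
    uint16_t product;    /* product code, stored little-endian in the block */
    uint8_t  version;
    uint8_t  revision;
    uint8_t  extensions; /* number of 128-byte extension blocks that follow */
};

static const uint8_t EDID_HEADER[8] =
    { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00 };

/* Validate and decode the base block. *out is written only on EDID_OK,
 * so a caller can never act on half-parsed monitor data. */
enum edid_status edid_parse_base(const uint8_t *buf, size_t len,
                                 struct edid_info *out)
{
    struct edid_info tmp;
    uint8_t sum = 0;
    uint16_t id;
    size_t i;

    if (buf == NULL || out == NULL || len < EDID_BLOCK_LEN)
        return EDID_ERR_LENGTH;
    if (memcmp(buf, EDID_HEADER, sizeof EDID_HEADER) != 0)
        return EDID_ERR_HEADER;
    for (i = 0; i < EDID_BLOCK_LEN; i++)
        sum = (uint8_t)(sum + buf[i]);
    if (sum != 0)
        return EDID_ERR_CHECKSUM;

    /* Bytes 8-9: big-endian, bit 15 reserved, then three 5-bit letters (1 = 'A'). */
    id = (uint16_t)((buf[8] << 8) | buf[9]);
    if (id & 0x8000)
        return EDID_ERR_VENDOR;
    for (i = 0; i < 3; i++) {
        unsigned v = (id >> (10 - 5 * i)) & 0x1F;
        if (v < 1 || v > 26)
            return EDID_ERR_VENDOR;
        tmp.vendor[i] = (char)('A' + v - 1);
    }
    tmp.vendor[3] = '\0';
    tmp.product = (uint16_t)(buf[10] | (buf[11] << 8));
    tmp.version = buf[18];
    tmp.revision = buf[19];
    tmp.extensions = buf[126];

    /* Never trust the block's own count: compare it with what was read. */
    if (len < ((size_t)tmp.extensions + 1) * EDID_BLOCK_LEN)
        return EDID_ERR_TRUNCATED;

    *out = tmp;
    return EDID_OK;
}

/* Build a constructed sample block: vendor "XYZ", product 0x1234, EDID 1.3. */
void edid_make_sample(uint8_t blk[EDID_BLOCK_LEN])
{
    uint16_t id = (uint16_t)((24u << 10) | (25u << 5) | 26u); /* X, Y, Z */
    uint8_t sum = 0;
    size_t i;

    memset(blk, 0, EDID_BLOCK_LEN);
    memcpy(blk, EDID_HEADER, sizeof EDID_HEADER);
    blk[8] = (uint8_t)(id >> 8);
    blk[9] = (uint8_t)(id & 0xFF);
    blk[10] = 0x34;
    blk[11] = 0x12;
    blk[18] = 1;
    blk[19] = 3;
    for (i = 0; i < EDID_BLOCK_LEN - 1; i++)
        sum = (uint8_t)(sum + blk[i]);
    blk[EDID_BLOCK_LEN - 1] = (uint8_t)(0u - sum); /* make the block sum to 0 */
}

int main(void)
{
    uint8_t blk[EDID_BLOCK_LEN];
    struct edid_info info;

    edid_make_sample(blk);
    printf("valid block   -> status %d\n", edid_parse_base(blk, sizeof blk, &info));
    blk[20] ^= 0x01;     /* simulate one corrupted byte on the DDC line */
    printf("corrupt block -> status %d\n", edid_parse_base(blk, sizeof blk, &info));
    return 0;
}
```
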

  60. Re:Security missing in education by Dutch+Gun · · Score: 1

    True, but by the time you need to be building that level of security into the system you're going to need to be a domain expert anyway.

    God, I only wish that were true. All the evidence seems to show otherwise, because so many of these IoT companies are making *unbelievable* ham-handed security mistakes. These companies are going through the exact same long, painful security learning curve that OS-makers and library writers went through a decade ago (and not that they're finished either).

    --
    Irony: Agile development has too much inertia to be abandoned now.
  61. Re:requires physical access to USB port by Bing+Tsher+E · · Score: 1

    The practical solution, of course, is just to kill people who use terms like 'endpoint security' with claw hammers.

    Not to add any complexity to this discussion or anything.... but really....

  62. Re:Security missing in education by Bing+Tsher+E · · Score: 1

    Schneier is a cryptology journalist, not a cryptographer. And cryptography relates to security in the same way as Trigonometry relates to the Calculus.

    He's done a good job leveraging the fact that he wrote 'Applied Cryptography' when nobody else dared. And he probably has gathered up a lot of good info for his books and publications since then.

  63. Re:My messages vanish all the time now...trying ag by Bing+Tsher+E · · Score: 1

    Noscript has the angry red mark down in its spot on the bottom right corner when I am using Slashdot on Seamonkey, because there are many, many things the Slashdot page would apparently like me to unblock, but Noscript says I am only allowing 4/17 and it works pretty good. (Hmmm, I should block off a few more of those... what is rpxnow.com and rubiconproject.com....)

    (better post this before blocking them)

  64. Re:My messages vanish all the time now...trying ag by Bing+Tsher+E · · Score: 1

    Sorry for doubleposting, but blocked those two and now it says 2/16 Allowed. Something gave up trying. Yay!

  65. Re:Security missing in education by sjames · · Score: 1

    He's also developed a few good ciphers such as Blowfish.

  66. Re: Once again, analog is better by inasity_rules · · Score: 1

    DDT has an undeserved bad rap..

    --
    I have determined that my sig is indeterminate.
  67. As far as I know by b783719 · · Score: 1

    The background is true. Some group found out a type of monitor can install firmware. That means both good stuff and bad stuff can be installed. (which can be dangerous depending on the extent)

    but the article is FUD. Not all monitors have the connection to update firmware from the computer. Also, this should not be mixed up with monitors without a cpu. (aka with only the screen)

  68. Re:My messages vanish all the time now...trying ag by Anonymous Coward · · Score: 0

    I don't know what's wrong with Slashdot these days, but 50% of all my posts "magically vanish" these days.

    I have this happening to *all* of my 'anonymous coward' posts now. Presumably including this one. We'll see. They don't even show up after clicking on 'load all comments', they are really gone.

  69. Re:My messages vanish all the time now...trying ag by Anonymous Coward · · Score: 0

    It's been clear to me for a few weeks that the new owners like to remove posts if they don't like or agree with them. I've read others saying the same, and of course I've seen a couple of my own posts removed, too.

    Well that would explain why it sometimes seems like only half of the replies show up, with people replying to posts that just aren't there. Not even after you click 'load all comments'.

  70. What you need to do is... by Anonymous Coward · · Score: 0

    Follow the white rabbit.

  71. Re:Security missing in education by Cederic · · Score: 1

    This is where it gets silly though. The evidence suggests that the issue isn't that developers don't have easy access to resources that help them to secure 'things', it's that they don't even bother to try.

    That's a far harder issue to resolve.

  72. typical slashdot hype by Anonymous Coward · · Score: 0

    You need *physical access* to hack the monitor.

    "The team started by tearing apart a Dell U2410 monitor and eventually figuring out how to change pixels on the screen. They found out the firmware is not delivered securely. An attacker would need to gain access to the monitor via the HDMI or USB port, but then the monitor would be pwned."

    http://www.networkworld.com/article/3104926/security/hacking-monitors-for-spying-stealing-data-manipulating-what-you-see-on-the-screen.html

    captcha: disdain

    (kudos on the captcha engine, it often gives words related to the post)

  73. Re:requires physical access to USB port by sjames · · Score: 1

    Having a port that can be used specifically for software updates and diagnostics isn't such a big problem, even without signatures (the hackability can be a nice feature).

    The concern is the bit about them being able to use the HDMI port to push software. That is the sort of thing a bad guy could use to hack the monitor remotely.

  74. DON'T USE OLD (CRT) MONITORS!!! by Anonymous Coward · · Score: 0

    old CRTs are vulnerable to attacks including but not limited to changing the resolution to an unsupported, usually high resolution unsupported by your card/monitor.

    don't believe me? (i don't recommend this for anything but education without actual practice of said demonstration) load up a really old version of Linux which requires you to manually configure your desk-top's resolution. if you misconfigure it, you might hear sounds (but not limited to) like a high pitch squeal or a cooking sound from your CRT monitor as the light from the screen dims or otherwise acts strange.

    many people have fried or damaged components by testing/using mode(s) not supported by the monitor/card. it's easy to create a terrible wreck of these devices if you know what you are doing. the trick would be finding a way for the user to run said malware.

  75. IP over Avian Carriers by nuckfuts · · Score: 1

    You may laugh, but there are actually RFCs (and at least one real-life implementation) for Internet Protocol using carrier pigeons.

    1. Re:IP over Avian Carriers by PhunkySchtuff · · Score: 1

      Yes, I know, that's why I tried to ping him. Throughput isn't too bad once the connection is established (sending a 256 GB MicroSD card taped to the bird's leg) but the latency is a killer!

  76. Re:requires physical access to USB port by Burz · · Score: 1

    Oh, look! My first threatening message on /. from a member of the Trump hard-on club.

  77. Here comes the AV for monitors! by Mondor · · Score: 1

    How about that - you will buy my antivirus for monitors and it will guarantee that your monitor is free from viruses?
    From creators of Monitor Antivirus - the ubiquitous Mouse Antivirus! Works with all types of mice - from 20th century Genius to latest Razor.

    Do you think $20 would be a reasonable price tag? Also, how about some USB gadgets like USB fans - I am pretty sure hackers will target them very soon, so I should focus on a sophisticated solution that would build up the synergy of security, peace of mind and performance.

    The brand name is still a question - any ideas?

  78. Tin foil hats.. by MercTech · · Score: 1

    I'm surprised the link doesn't include advertisements for genuine tin foil hats for $99.99. None of that faux protective fake aluminum foil shit.

    To quote Vincent Price in "The Raven" - It must be some insidious form of mind control.
    https://www.youtube.com/watch?v=PvngX_-K-NI

    Can you hack a computer, change the driver software to insert malicious code into the monitor firmware; possibly. Would that give you anything useful? Well, if you could hack the camera in a laptop or a wifi enabled nannycam; you could compromise data by transmitting via modified flicker rate. The question is why you would want to use such convoluted crazy measures when, if you can insert code into the computer, you don't just copy whatever you want and install a key logger.

    File this one under more "big brother is hypnotizing us with television flicker"

    --
    NRRPT/RCT