Slashdot Mirror


One Billion Monitors Vulnerable to Hijacking and Spying (vice.com)

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: If a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...

[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things."

6 of 157 comments

  1. Re:please consider by Wizy · · Score: 5, Informative

    The link to the article is where it always is, right next to the title in green text. This one says vice.com. It has been like this for a while.

  2. Re:Link to the story by NotInHere · · Score: 4, Informative

    Two links that are ten times more informative:
    http://boingboing.net/2016/08/...
    https://www.defcon.org/html/de...

  3. Re:please consider by JohnFen · · Score: 4, Informative

    It took me about five minutes to find the link you're referring to. I had no idea that links were provided next to the title on /. -- probably because, at least on my browser, the link is almost entirely covered up by the "Displays" and "Security" icons.

  4. Re:requires physical access to USB port by dan42 · · Score: 3, Informative

    Monitors, like many electronic devices today, have a factory-use port that is usually not intended for use after the product ships. The "flaw" to fix is allowing unsigned firmware to be accepted on this port. Or at least cover it with foil tamper tape...

    networkworld
    tomsguide

  5. Re:Inexcusable by AmiMoJo · · Score: 5, Informative

    Calm down. TFA is bullshit.

    I'm a firmware engineer. Let me tell you a bit about how monitors work internally. The data rate for video is way, way too high for any kind of inexpensive CPU to handle. It's all done by ASICs, which are fixed function. They have a few programmable parameters, but the most you will be able to do is configure things like gamma/contrast/brightness and change scaling options, stuff like that.

    There is a CPU in there (more accurately an MCU), to do menus and talk to the PC, but it can't see what's on screen. The data rate is too high, it doesn't even connect to that bus. It doesn't need to, it just sends commands to the ASIC to do the overlay graphics. So this idea that a hacker could infect the firmware and then communicate via a flashing pixel is bollocks, the CPU can't even see the pixels.

    Apart from bricking or irritating the user, I can't see any practical use for this. If the hacker can get to the point where they can talk to the monitor's firmware anyway, they already p0wned your system remotely or are standing next to it. I can't really see much opportunity for an evil maid attack.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

  6. Complete Bollocks by StueyNZ · · Score: 3, Informative

    Subliminal advertising is complete bollox http://www.snopes.com/business...