Slashdot Mirror


One Billion Monitors Vulnerable to Hijacking and Spying (vice.com)

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: If a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...

[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could be dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things."

8 of 157 comments

  1. please consider by Anonymous Coward · Score: 2, Insightful

    please consider posting a link to the actual article.

    1. Re:please consider by pete6677 · Score: 4, Insightful

      This is yet another example of what happens when we keep letting hipster developers ruin the internet by stripping out useful navigation and visibility features.

    2. Re: please consider by Anonymous Coward · Score: 2, Insightful

      Not everyone likes to progress into idiocracy.

  2. Re:Link to the story by OzPeter · Score: 3, Insightful

    Here's a link to the story. Sadly it doesn't include any more detail than the summary.

    And if you squint really hard you'll see that this is the link to the right of the story's headline.

    So while the link was there all along, Slashdot once again shows how clueless it is with regards to usability. (That plus the link in the TFS is a circular reference).

    --
    I am Slashdot. Are you Slashdot as well?

  3. Link is broken, but doesn't say anything useful by Anonymous Coward · Score: 3, Insightful

    The link is relative instead of absolute so it's easy to find where it should go.

    But the article just says "omg! Be scared! You must be more scared! They could destroy the world!" but says absolutely nothing about what the attack actually is or what is required to exploit it.

    Having magic images that take over all monitors strains credibility to the breaking point. But monitors have I2C connections to the video source, for reporting their resolution and for other non-video data. It's not at all implausible that this could be used to attack the monitor, which could then be triggered by video data later. Of course the attacker would have to have physical access first, or remotely hack the video driver, in order to send the I2C commands.

    And of course some monitors have USB connections (say for speakers) that might be an attack surface, but that is a much narrower target than the article claims.

    Basically this is just junk reporting. 204 no content.

  4. Story is insulting to slashdotters by BenJeremy · Score: 5, Insightful

    Wow, some idiot discovered there is a data channel to monitors... that has no practical "hacking" application. Said channel is frequently only used to transfer information about the monitor to the hosting device.

    This isn't Hollywood, but expect some moron screenwriter to now use this in their plot.

  5. My messages vanish all the time now...trying again by MindPrison · Score: 3, Insightful

    I don't know what's wrong with Slashdot these days, but 50% of all my posts "magically vanish" these days.

    I'll try again, shorter story but you'll get the gist of it:

    This isn't new. Your camera, your keyboard and virtually any gadget has an embedded system in it, they have an entire computer in it if you like, they can easily fit a whole server gateway in there. But it's not as easy to do this as it might seem, so most of you have very little to worry about. Example: say your monitor has now been successfully infiltrated with malicious code, it still has to "hack" your Windows installation and place a relay daemon there that'll have to avoid being detected by your anti-virus software or Windows Defender. Furthermore, if the malware is neatly compressing and transporting the image from your monitor on a separate protocol layer, you still have to have some kind of hidden client that can relay these packets to the network card or Windows socket for the network card...or use the drivers, or inject into a stream of packets...all these things open up an entirely new can of worms. Not even Windows knows all the networks in the world, I have a relatively modern computer...one of the most high end, and yet Windows 10 that came on a USB memory didn't even know what network chip my computer had, imagine a small embedded system entirely on its own...trying to figure out how to operate your computer's network card, yay...good luck with that.

    It's not as dangerous as it seems, I'd worry more about that little independent computer that resides inside your INTEL processor.

    --
    What this world is coming to - is for you and me to decide.

  6. Re: Security missing in education by Anonymous Coward · Score: 2, Insightful

    Maybe start with this: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228

    There are a lot of free and paid resources out there. The difference I feel like is the paid ones hold your hand and walk you through, while the free ones require a little more knowledge on the topic. This is an exception, not a rule.