We think of our monitors as passive entities. The computer sends them data, and they somehow—magically?—turn it into pixels which make words and pictures.
But what if that wasn’t the case? What if hackers could hijack our monitors and turn them against us?
As it turns out, that’s possible. A group of researchers has found a way to hack directly into the tiny computer that controls your monitor without getting into your actual computer. From there, they can both see the pixels displayed on the monitor—effectively spying on you—and manipulate the pixels to display different images.
“We can now hack the monitor and you shouldn’t have blind trust in those pixels coming out of your monitor,” Ang Cui, the lead researcher who came up with this ingenious hack, told me earlier this week.
Cui, the chief scientist at Red Balloon Security and a recent PhD graduate from Columbia University, presented his findings at the Def Con hacking conference in Las Vegas on Friday along with Jatin Kataria and other colleagues.
During a demo at the Red Balloon offices in New York City earlier this week, Cui and his colleagues showed me how the hack works. Essentially, if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor’s embedded computer, specifically its firmware. This is the computer that controls the menu to change brightness and other simple settings on the monitor.
The hacker can then put an implant there programmed to wait for further instructions. The way the hacker communicates with the implant is rather shrewd: the implant can be programmed to wait for commands sent by a blinking pixel, which could be included in any video or website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor.