
A Monitor Darkly, an attack on computer monitors, is a wake-up call for the industry to take a closer look at itself.

A Monitor Darkly, an attack on computer monitors revealed by a researcher, has shocked cybersecurity professionals across the world. We have been concerned about computer security for a while now. But during security reviews or assessments, how many of us have included monitors? Whatever the answer is, you cannot ignore it anymore! Ang Cui from Red Balloon Security disclosed an attack called A Monitor Darkly. He demonstrated a new way to break into popular Dell monitors and compromise them to manipulate what you see on the screen. Scary, isn't it? Cybersecurity challenges are getting more sophisticated day by day, and this is one more addition to the list!

With this type of attack, called “A Monitor Darkly,” a user could be fooled into disclosing personal, business or financial information to the criminals targeting them.

So how does it work?

Ang Cui demonstrated the hack in a video he released recently. It is an eye-opener for security vendors and professionals alike. Ang Cui was able to break into a Dell U2410 24-inch monitor. The attack targeted the minicomputer inside the monitor, which displays content on the screen by converting data from the computer into pixels. Ang says the research team found a way to gain access and execute arbitrary code inside the monitor controller. You can’t trust the computer anymore, because a hacker can manipulate the monitor and change pixel values on the screen.

The team of researchers redirected the user to a website that looks like a banking site. Since the fake website cannot display the SSL certificate’s lock icon, the question is how else to convince the user to trust the site. The attacker then compromises the monitor’s processing function and places the lock on the screen next to the URL. The SSL lock that Ang Cui and his team placed was for demonstration purposes, and they kept it static. Moving it around the screen to follow the browser when the user moves it was technically possible.

In short, the judgment you have learned over the years to make, looking at the lock symbol near the URL for assurance that the website is genuine and secure, is not valid anymore! Even though the computer is not showing that your connection is protected, the hacked monitor could be overlaying the lock symbol on the screen to convince you to trust the site and provide sensitive information.
This points to a risk that hackers can change what we see in our bank account! Even if you have 100,000 dollars in your account, it may show that you have only 500 dollars, and vice versa! This kind of hack cannot be easily recognized by the user, because the user’s interaction with the computer is through the monitor. Ang Cui and his team assume that around 1 billion monitors are vulnerable to this type of attack. The hack is called “A Monitor Darkly” and the details are published on Red Balloon’s GitHub. Red Balloon has informed Dell about the vulnerability, for which the vendor advised users to update to a U2417 monitor! Is that a free upgrade?