Hackers could weaponize up to a billion monitors to spy on everyone
Most of the time when we talk about PC security, we talk about either the operating system or the hardware that it runs on. Security researchers tend to focus on these characteristics for obvious reasons, but it’s always interesting to see what other research teams can do by targeting the hardware most of us don’t consider part of the normal security chain. New research presented at DEFCON last week by Ang Cui and Jatin Kataria discussed how one team discovered monitors are themselves vulnerable to hacking — and in ways that can be difficult for ordinary users to spot.
Monitors aren’t just dumb display terminals that output an image, after all. They contain ASICs (application-specific integrated circuits) that are capable of providing overlays and scaling functions. Monitors with USB hubs or speakers integrated into the housing also contain the necessary circuitry required to interface with those subsystems. Monitors can also require their own firmware updates — and as Cui and Kataria demonstrated, these vectors can be used to hijack the monitor’s capabilities to display information that isn’t actually on-screen.
