Why should hackers bother with complicated cross-domain hacks or redirects when they can just change the pixels on your monitor? Because it’s really hard and complicated, but not impossible, as one team at this year’s DEF CON showed.
The cadre of three researchers, going by the name of Red Balloon Security, got a hold of a Dell U2410 and dissected its innards. According to ARN’s Michael Kan, over the course of two years, the hackers gained enough of an understanding of the monitor to concoct a way to alter its pixels.
How could a nefarious person use such knowledge? Red Balloon were happy to provide a practical demonstration:
During their DEF CON presentation, they showed how the hacked monitor could seemingly alter the details on a web page. In one example, they changed a PayPal account balance from $0 to $1 million, when in reality the pixels on the monitor had simply been reconfigured.
The article goes on to mention that Dell’s hardware is not unique and the method could be applied to brands including HP and Samsung.
Now, for the big caveat. The display in question needs a USB, DisplayPort or HDMI socket (so those with ancient CRTs are safe), which means an attacker needs direct access to the hardware. Red Balloon’s GitHub repository containing the exploit has a more technical explanation:
The Dell 2410U monitor has a Genesis (now owned by ST) display controller onboard. The exploit sends debug messages to this chip using Genesis’s “GProbe” protocol over DDC2bi, which lets it write to RAM, read and write display registers, execute arbitrary code, reflash the device, etc.
DDC2bi is a part of display protocols such as HDMI and DisplayPort which normally lets the computer do things like control the monitor’s color settings and get the resolution of the monitor. As far as we know, GProbe is always enabled via DDC2bi on all Genesis display controllers, with no mechanism to disable it or limit who can access it.
So, as far as usability goes, yeah, it’s not great. But you have to give these guys credit for even thinking of such an attack vector.
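Since the quoted explanation says the monitor side has no way to limit who can reach GProbe, the remaining control is on the host: which local accounts can open the DDC channel at all. The following is an added example, not code from the article or from Red Balloon's repository; it assumes a Linux host, where DDC/CI traffic goes through the i2c-dev nodes /dev/i2c-N, and the sample entries are constructed.

```python
import glob
import os
import stat


def classify(path, mode, uid, gid):
    """Rate one i2c-dev node by who is allowed to open it (mode bits only)."""
    perms = stat.S_IMODE(mode)
    if perms & (stat.S_IROTH | stat.S_IWOTH):
        return (path, "high", "any local user can open the bus (mode %04o)" % perms)
    if gid != 0 and perms & (stat.S_IRGRP | stat.S_IWGRP):
        return (path, "review", "members of gid %d can open the bus (mode %04o)" % (gid, perms))
    if uid != 0:
        return (path, "review", "owned by non-root uid %d" % uid)
    return (path, "ok", "root only (mode %04o)" % perms)


def audit(entries):
    """entries: iterable of (path, st_mode, st_uid, st_gid) tuples."""
    return [classify(*entry) for entry in entries]


def collect(dev_dir="/dev"):
    """Stat the real i2c character devices on this host, if there are any."""
    found = []
    for path in sorted(glob.glob(os.path.join(dev_dir, "i2c-*"))):
        st = os.stat(path)
        if stat.S_ISCHR(st.st_mode):
            found.append((path, st.st_mode, st.st_uid, st.st_gid))
    return found


# Constructed sample, used when the host exposes no i2c-dev nodes.
SAMPLE = [
    ("/dev/i2c-0", stat.S_IFCHR | 0o600, 0, 0),    # root only
    ("/dev/i2c-3", stat.S_IFCHR | 0o660, 0, 994),  # hypothetical "i2c" group
    ("/dev/i2c-4", stat.S_IFCHR | 0o666, 0, 0),    # world read/write
]

if __name__ == "__main__":
    for path, severity, reason in audit(collect() or SAMPLE):
        print("%-7s %s: %s" % (severity, path, reason))
```

Access granted through POSIX ACLs (for example by udev rules for the logged-in user) does not show up in the mode bits, so check flagged and unflagged nodes with getfacl as well.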