At a recent DEFCON presentation in Las Vegas, researchers demonstrated how it’s possible to hack into a monitor’s firmware and make changes to what a user sees on their computer, without actually breaking into the PC itself.
This has serious security ramifications, because while your PC is typically protected by multiple layers of security, the firmware that drives nearly every monitor currently in use has no protection at all. The method by which most monitors get updates to their firmware is completely open, which is a standing invitation to attack.
It should be noted that it took the researchers more than two years to reverse engineer a way into the monitor’s firmware, so this is by no means a trivial attack that just any hacker can carry out. Even so, now that the information is in the wild, you can be sure it’s just a matter of time before the first company or government agency falls victim to it.
How can such an attack be used?
There are actually a number of applications. A web address can be spoofed, making it appear on your screen that you’re going to a legitimate website, when actually you’re going to a fake website controlled by the hacker and loaded with malware.
It can be used to make your PayPal or other account balances read as zero on your screen, prompting you to click a link to report a problem (the link, of course, being controlled by the hacker). By employing misdirection of this kind, it would be easy to lure a user into dangerous waters, and greatly increase the likelihood that they would install malicious software that would give the hacker complete control over the system.
These kinds of oblique attacks are becoming increasingly commonplace. It’s no longer enough to simply secure the PCs, laptops and smart devices that connect to your company’s network. You’ve now got to be concerned with every peripheral, and every internet-capable object your network comes into contact with.
If that seems a bit overwhelming to you, contact us today and we’ll put you in touch with one of our knowledgeable team members. We can assess your current digital security needs, and create a custom solution around those needs.