
Mr. Robot Becomes Reality: Stop Trusting Your Monitor

When someone is taken aback by something that is hard to believe, they often say, “You can’t believe your eyes.” Hackers exploiting security flaws in monitors, on the other hand, make this adage actually accurate.


“You can’t believe your eyes” is a common statement when someone is very surprised by something that is hardly believable. However, hackers exploiting security vulnerabilities in monitors make this statement literally true. According to Ang Cui, founder and chief scientist of Red Balloon Security, it is possible to hack a computer monitor. Believe it or not, the monitor can change the contents of the screen without the user realizing. In today’s world, there are at least a billion monitors that are vulnerable to cyber-attacks. Cui and his team have named this kind of hack “A Monitor Darkly”, a hacking method that is featured in season 3 of the popular TV show “Mr. Robot”.

Someone else can control what you see on your monitor

Using a Dell (U2410) 24” monitor, Cui demonstrated how the monitor can be attacked. The monitor typically has another computer inside it: the on-screen display controller, which is used to display pixels and select input. The research shows that an attacker can gain access to the on-screen display controller and execute arbitrary code inside it.

Do not trust the output of your computer

Cui demonstrated how the monitor can change the pixel values on the screen. During the attack, the hacker redirects a user to a website that looks similar to their banking website. When this is done, the SSL lock in the browser is normally not visible to the user. However, attackers are able to compromise the monitor and put the SSL lock onto the screen. At this point, the computer does not show that the connection is secure, but the monitor overlays the SSL lock onto the image, giving the user the impression that the connection is secure. The monitor can also be used to change the displayed bank balance of a user. If the user's balance is $100, for example, it can be changed to read $1,000,000. During these attacks, it is very difficult for the user to detect any anomalies because the attack interacts with the computer only through the monitor.

How can you detect monitor hacking?

It is possible for users to detect when their monitors have been compromised. During the attacks, the image on the screen loads much more slowly than it normally does. A user who sits in front of their machine most of the time will definitely notice that something is amiss. Unfortunately, this hack can also be applied to industrial control system monitors that have static displays. For these monitors, the attack is almost impossible to detect. Detection is also possible in cases where the display firmware is readable. In scenarios like these, the firmware is checked against a reference to detect an attack.
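The reference comparison described above, as an added example (not code from the original article or from Red Balloon Security): it compares a firmware dump against a known-good image and reports which byte ranges were modified. It assumes the firmware has already been read out into bytes and that a reference image of the same firmware version is available; the block size, function names and sample bytes are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # comparison granularity in bytes (assumed value, not from the article)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def changed_ranges(reference: bytes, dump: bytes, block: int = BLOCK):
    """Return merged (start, end) byte ranges where the dump differs from the reference."""
    ranges = []
    longest = max(len(reference), len(dump))
    for off in range(0, longest, block):
        # Slices past the end of the shorter image compare unequal, so
        # truncated or padded dumps are reported as modified too.
        if reference[off:off + block] != dump[off:off + block]:
            end = min(off + block, longest)
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)  # extend the adjacent range
            else:
                ranges.append((off, end))
    return ranges

def verify_firmware(reference: bytes, dump: bytes, block: int = BLOCK) -> dict:
    """Compare a firmware dump with a known-good reference image."""
    modified = changed_ranges(reference, dump, block)
    return {
        "reference_sha256": sha256(reference),
        "dump_sha256": sha256(dump),
        "size_mismatch": len(reference) != len(dump),
        "modified_ranges": modified,
        "clean": not modified,
    }

def make_sample():
    """Constructed sample data: a 64 KiB 'reference' and a dump with three altered spots."""
    reference = bytes((i * 7) & 0xFF for i in range(64 * 1024))
    tampered = bytearray(reference)
    tampered[0x2000:0x2010] = b"\xAA" * 16  # two adjacent blocks changed...
    tampered[0x3000:0x3004] = b"\xBB" * 4
    tampered[0x8000:0x8008] = b"\xCC" * 8   # ...and one isolated block
    return reference, bytes(tampered)

if __name__ == "__main__":
    ref, dump = make_sample()
    report = verify_firmware(ref, dump)
    print("clean:", report["clean"], "size mismatch:", report["size_mismatch"])
    for start, end in report["modified_ranges"]:
        print(f"modified: 0x{start:06x}-0x{end:06x}")
```

The check is only as trustworthy as the reference image and the read-out path: the reference should come from a source independent of the monitor being examined.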

What is the solution?

Cui and his team have notified Dell that its monitors are vulnerable to the Monitor Darkly attack. Dell takes the security of its products seriously. As part of the solution, Dell recommends that users update to a more secure U2417 monitor. Most of the time, the display controller firmware is modified during attacks on the monitor. Re-flashing the controller firmware removes the corrupt file that may have been installed to carry out the attack.


