Computer monitors vulnerable to undetectable firmware attacks

Originally published at: http://boingboing.net/2016/08/06/computer-monitors-vulnerable-t.html
…

“Can I get you to shut down the power plant?” Cui asked rhetorically, with a sly smile. “I can do that.”

Cheery thought…

I’m going back to one of these.

That’s easy enough to hack:

190512_28_1.jpg800×444 70.6 KB

Curses! Right then, mnemonics, everything recorded in mnemonics.

ETA: I just realized your hacking tools are equally effective against my proposed countermeasure. Drats!

I did not know monitors had a processor. Why? Can’t they just… take the pixels and put them there? I am quite sure my momma’s old B&W teevee did not have a processor.

Cory’s favorite word: DRM.

(and many other reasons I won’t go into while typing from my phone but to tl;dr: no you can’t just push pixels to an LCD)

What the fuck. All these firmware attacks (BadBIOS, etc.) could be prevented by the inclusion of a single connector or switch.
Time to update the firmware? Connect a jumper or press the switch. Don’t want the chip to be rewritten by a tainted website or virus? Leave it in read-only mode.
These devices are being designed this way on purpose, so security panic can lead to a buying spree of “safer” replacement devices.

They’re being designed this way because it’s cheaper, easier, more user friendly, and because people had not considered this sort of breach. I certainly had never thought of it.

You can sort of just push pixels to a CRT, but if you’re using a digital display, you need at least minimal processing to turn bits into pixels, and if you’re using something like HDMI on a monitor that can resize your display to make it fit, that’s getting into a lot of processing capability. (It still should have the skillz to distinguish between data and programming, but I suppose one way to hack it is if there are multiple streams of potential input you can make it play the wrong ones.)

Food for five years, a thousand gallons of gas, air filtration, water filtration, Geiger counter. Bomb shelter! Underground… God damn monsters.

Security by obscurity isn’t security at all.
It boggles the mind as to why a monitor would need updates in the first place, but it should always require user intervention. “Inconvenient” and still subject to social engineering attacks, it would still seriously limit the damage that these threats can do.
This is what we get for putting a high-speed bidirectional port on what should be only an output device.

I’m not saying that they shouldn’t have, or that forethought isn’t needed. I was commenting on your ridiculous notion that this was planned, a foolish idea to sell more monitors. Preparation costs money. When you prepare for something that won’t happen, that money is never well-spent.

I’m frustrated with commentators like you that seem to get confused and claim conspiracy when simple market forces make far more sense. Why does DisplayPort and HDMI support traffic? For nefarious means? No, because it’s simply more convenient to have less cables. In some cases that cabling can save customers money and time more than simply aesthetics.

Does your suggestion make sense? Sure. Should most things be in this state? Sure. How much is? what happens when that mechanical jumper switch fails? When there’s a hardware fault on a component that customers don’t care about? How does that look for the company?

Again, I’m not faulting the underlying goal: we should have more secure hardware. But to imagine and posit that it’s due to some silly goal to wait for security flaws and then sell more monitors is an irrevocable lapse in judgement and sense that outweighs any good message you were making, same as if you said “Monitor manufacturers just did this because the green aliens from Pluto can mind control monitors and they own the monitor companies.”

and also (from the article):

This is the computer that controls the menu to change brightness and other simple settings on the monitor.

I don’t get it - is the malware installed via coded pixels?

If not, how’s it going to enter my monitor when there’s no data entry channel open?

Does the rest of the world have monitors with upgradable firmware and I’m missing out?!?

Ye Olde CRT type monitors and TVs generated images by feeding an oscillating wave directly into the electron guns. More modern display approaches use a logic circuit to address each pixel*; theoretically you could craft one that would use simple logic, but modern display standards are very complex, not to mention that you need something to make adjustments to the screen, control inputs etc.

*For example, TFT LCD = thin film transistor liquid crystal display, AMOLED = active matrix organic LED. These transistors need to be controlled by logic circuits, the easiest way to do that is with a microcontroller.

Most or all modern displays will have some sort of programming interface that can be accessed over the only external interface - the display interface. It’s less that you’re missing out and more that everyone is, just like with every other piece of hardware with poorly coded firmware (most relevantly to this discussion would be USB drives and the resulting BadUSB). Those that don’t could theoretically be compromised by specially crafted signals through the interface, but that would likely invoke the handshakes and other communication between the monitor and GPU rather than the framebuffer, and would be unlikely.

The article as written is sensationalist because they’ve demonstrated a theoretical way to make use of malware that has been installed in a monitor, and demonstrated the attack on some units, but most monitors, while likely equiped with programming interfaces, will not be readily programmable without reverse engineering the interface and the firmware first. Kind of like how theoretically hard drives can be attacked but so far only one group has actually done it, and they reserved it for super high value targets; to pull it off you need to know the clean firmware of the specific model of device you’re targetting, know how to squeeze your malware into it, know the programming API and compromise a machine attached to it first to deliver the payload.

On the other hand, smart TVs are also real juicy targets, with increasing numbers of sensors, network connectivity and full operating systems with exposed sockets, not to mention including factory spyware and adware. So if you use a smart TV as a monitor then you’re probably screwed.

I must attach some cameras to my 8000ish sammy so I can have it juicing and start magical thinking that Unity Engine is going to patch it to hardened marshmallow or something. http://www.networkworld.com/article/3104926/security/hacking-monitors-for-spying-stealing-data-manipulating-what-you-see-on-the-screen.html offers links to the paper (uh…it’s slides, see p. 26, 52, 55, 72 for a run… 88 151 success from USB driver )/github, BTW (didn’t see them before, pro’lly just released.)

The nicer punchline included is that they can hack the monitor without having hacked the host PC/whatevs. …not substantiated in the Network World link oops. Or that it’s an x86 in the OSD chips, which I feel is punchy. Punchy like “Your dome light is PIC based, let me play Jimi’s Stars and Stripes on it. [Lots of doorswitch chatter and a muted national anthem chiptune]” When we go to outer space it will be to escape Ben Daglish for Dubstep.

I’m actually super excited for this because now I might be able to actually create a brightness OSD menu that requires fewer than eight clicks to use on my Samsung.