We’ve been asked whether a monitor has some way of storing data without the user knowing and exposing them to exploits and malicious attacks. Security services and providers often focus on the computer itself when it comes to protection from breaches, hacks, and phishing. Peripherals, on the other hand, do not even get a low-level security layer, since the attention has always been on the PC’s internals.
Storage devices like HDDs and SSDs, as well as RAM, often contain crucial or personal data and have always been targets of spyware and malware. One example is the recent Spectre/Meltdown issue found on Intel chips, which revealed a critical vulnerability that could be exploited. But what about peripherals, which are often just viewed as plug-and-play devices with no internal memory?
Can Monitors Store Data?
The short answer is yes: monitors often have a small amount of built-in memory that stores data for menial purposes. However, this does not mean that a monitor can store personal data from the machine itself, so it doesn’t present itself as a vulnerability to your cybersecurity. The memory built into monitors is typically used to control their behavior, such as remembering the OSD settings you’ve dialed in even when the monitor is fully powered down.
Some more advanced monitors, such as the G-Sync exclusive models, even have complex controllers that also store data. These FPGA units are basically small computers, but again, the data they hold is used for their programming and internal data. It’s impossible for the monitor to extract data from your PC, since its only interaction with the PC is receiving video input and controls.
But Are There Ways to Use Monitors for Attacks?
Unfortunately, evidence brought to light by researchers points to some vulnerabilities that have to be addressed. One way a monitor can be exploited is by hacking it and manipulating the pixels to trick the user. Bank details can be made to show different balances, or power modes can be changed involuntarily.
This concept has been posted on GitHub, but so far, it has yet to happen to anyone outside of espionage movies. It can be done by installing hacked firmware, but the good news is that the firmware has to be loaded through one of the monitor’s inputs, which requires access to the monitor. You need to be a ninja to be able to sneak into someone’s office or gaming setup to achieve this, since it cannot be done online.
Another vulnerability concept we dug up involves manipulating an LCD’s brightness and RGB color values. But again, it’s not doable online, and the hacker needs a camera-equipped device to read the data. Users can be tricked into downloading the infected firmware and, theoretically, you can hack into camera systems like CCTVs, but all of this has to be done within line of sight.
So as you can see, data extraction through monitors relies on their image output instead of what’s contained in their memory modules. For the most part, we are safe, especially when offline, but technology progresses too fast. It’s not hard to imagine that all of this could be done by a uniquely designed machine, but those still only exist in fantasy or spy-themed movies at the time of this writing.