Friday, December 6, 2024
Homecyber securityResearchers Details How Hackers Can Steal Passwords via HDMI Cables

Researchers Details How Hackers Can Steal Passwords via HDMI Cables

Published on

SIEM as a Service

Security researchers have found a new way for hackers to steal sensitive information like passwords by eavesdropping on HDMI cables. This is a worrying development for computer users.

‘Researchers at Universidad de la República in Uruguay discovered that hackers can use artificial intelligence (AI) to decode signals from HDMI cables and see what’s displayed on a computer screen.

They found they could capture the electromagnetic signals from HDMI cables using readily available radio equipment.

- Advertisement - SIEM as a Service

By using deep learning AI to analyze these signals, they could reconstruct text and images from the screen with about 70% accuracy.

proposed system
proposed system

Lead researcher Federico Larroca explained that this accuracy level is often enough for attackers to read passwords, sensitive data, or even encrypted messages on a screen.

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Their AI system significantly improved the success rate of such eavesdropping attacks, reducing errors by over 60 percentage points.

While it was previously known that older CRT monitors had similar vulnerabilities, modern HDMI connections were thought to be more secure due to their complex digital signals.

However, this new research shows that AI can bypass these security measures, potentially putting millions of computer users at risk.

Enumeration Setup
Enumeration Setup

The good news is that such an attack requires advanced technical skills and specialized equipment. Average home users are unlikely to be targeted.

However, government agencies and large corporations could be more vulnerable to sophisticated attackers.

Federico Larroca warned that advanced hackers or state-level actors might already use similar techniques. An attacker could capture HDMI signals outside a building using hidden equipment, such as in a nearby vehicle.

To protect against this threat, cybersecurity experts recommend being cautious when handling sensitive information, especially near windows or public places.

Using encrypted connections and avoiding showing passwords on external monitors connected via HDMI can also help reduce risks.

The researchers have shared their findings openly to help improve defense measures. This discovery reminds us of the importance of being aware of new digital privacy and security threats.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials

Researchers discovered Celestial Stealer, a JavaScript-based MaaS infostealer targeting Windows systems that, evading detection...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...