Going for official repairs is always a good idea, and now, there is one more reason to support this view, especially if you are going to get the touch screen replaced. A recent study found that replacement touch screens embedded with malicious chips can be used to hack your phone.
How researchers carried out the attack
In research conducted by the Ben-Gurion University of the Negev, researchers carried out simulated attacks on two Android devices: the LG G Pad 7.0 and Huawei Nexus 6P. The researchers were able to get into the devices with the help of a malicious chip in a third-party touch screen, according to Ars Technica.
This type of low-cost attack is referred to as a “chip-in-the-middle” scenario. For the process, researchers used the Arduino platform running on an ATmega328 micro-controller module, and an STM32L432 micro-controller. Researchers noted that most other micro-controllers would also work. To separate the micro-controller from the motherboard and access its copper pads, the researchers used a hot air blower. Then they used a copper wire to embed their chip into the device.
In a paper presented at the 2017 Usenix Workshop on Offensive Technologies, researchers also shared a video PoC showing how they used malicious replacement touch screens to deliver the arbitrary software needed to get into the device. According to the researchers, they were able to completely hijack the handsets in about 65 seconds.
Replacement touch screens could prove dangerous
Such replacement touch screens, according to researchers, could capture photos, record keyboard inputs and app data, or even direct users to phishing websites. Researchers were also able to exploit vulnerabilities in the handset’s OS kernel.
In addition, anti-virus programs are unable to detect such threats, as the entire process is file-less, and the threats also survive operating system updates and factory resets. What’s even more dangerous is the fact that your friendly repair shop may be unaware that the replacement screen it is fitting to your device contains a malicious chip.
Though the alterations made were not completely invisible, researchers noted that with more effort, the altered parts can easily be hidden within the handset.
“Well motivated adversary [sic] may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defenses accordingly,” the researchers said.
How to limit such threats
Not only are Android devices at risk, but the paper claims that iPhones are also vulnerable to such attacks. Most current smartphones, however, are built to prevent or limit any internal manipulation. For instance, iPhones come with secure modules to prevent tampering with features like Touch ID, notes The Verge.
To limit vulnerabilities, the researchers suggested some low-cost countermeasures that handset manufacturers can implement. To assure customers that their device is using only certified parts, the researchers also request a robust certification process for replacement parts.
“The threat of a malicious peripheral existing inside consumer electronics should not be taken lightly,” the researchers warn.