Screen repairs could result in hacked smartphones
Compromised components could be used to spy on users
Smartphone users have been warned that repaired devices could leave them vulnerable to spying my malicious actors.
Security researchers at the Ben-Gurion University of the Negev in Israel discovered that replacement screens could harbour malware on a chip integrated with the display that could allow hackers to remotely control a smartphone or eavesdrop on conversations and messages.
In a YouTube video, the researchers set up a demonstration of the problem using a Huawei Nexus 6P and an LG G Pad 7.0. Both were fitted with a screen modified with a chip that allowed them to access systems on the devices.
The modified screen could snoop on anything entered on a keyboard, direct victims to phishing websites and install rogue apps, as well as use the phone's camera to take pictures. Other attacks allowed researchers to control the operating system of the devices. The modified screens appear identical to those made by the phone manufacturers themselves.
"In contrast to 'pluggable' drivers, such as USB or network drivers, the component driver's source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device's main processor," said researchers.
In an accompanying research paper, they said that the threat of a malicious peripheral existing inside consumer electronics should not be taken lightly.
"Attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks in a large-scale or against specific targets. System designers should consider replacement components to be outside the phone's trust boundary, and design their defences accordingly," said the researchers.
Key considerations for implementing secure telework at scale
Identifying the security risks and advanced requirements of a remote workforceDownload now
The State of Salesforce 2020
Your guide to getting the most from SalesforceDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Rethink your cybersecurity strategy for the new world
5 steps to secure the enterprise and be fit for a flexible futureDownload now