Screen repairs could result in hacked smartphones

Compromised components could be used to spy on users

Smartphone users have been warned that repaired devices could leave them vulnerable to spying my malicious actors.

Security researchers at the Ben-Gurion University of the Negev in Israel discovered that replacement screens could harbour malware on a chip integrated with the display that could allow hackers to remotely control a smartphone or eavesdrop on conversations and messages.

In a YouTube video, the researchers set up a demonstration of the problem using a Huawei Nexus 6P and an LG G Pad 7.0. Both were fitted with a screen modified with a chip that allowed them to access systems on the devices.

The modified screen could snoop on anything entered on a keyboard, direct victims to phishing websites and install rogue apps, as well as use the phone's camera to take pictures. Other attacks allowed researchers to control the operating system of the devices. The modified screens appear identical to those made by the phone manufacturers themselves.

"In contrast to 'pluggable' drivers, such as USB or network drivers, the component driver's source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device's main processor," said researchers.

In an accompanying research paper, they said that the threat of a malicious peripheral existing inside consumer electronics should not be taken lightly. 

"Attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks in a large-scale or against specific targets. System designers should consider replacement components to be outside the phone's trust boundary, and design their defences accordingly," said the researchers.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Lookout reveals mobile-first endpoint detection and response solution
Security

Lookout reveals mobile-first endpoint detection and response solution

21 Oct 2020
Cisco finds an increase in security concerns due to remote working
Security

Cisco finds an increase in security concerns due to remote working

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
'Robin Hood' hackers donate stolen Bitcoin to charity
ransomware

'Robin Hood' hackers donate stolen Bitcoin to charity

21 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020