Screen repairs could result in hacked smartphones
Compromised components could be used to spy on users
Smartphone users have been warned that repaired devices could leave them vulnerable to spying my malicious actors.
Security researchers at the Ben-Gurion University of the Negev in Israel discovered that replacement screens could harbour malware on a chip integrated with the display that could allow hackers to remotely control a smartphone or eavesdrop on conversations and messages.
In a YouTube video, the researchers set up a demonstration of the problem using a Huawei Nexus 6P and an LG G Pad 7.0. Both were fitted with a screen modified with a chip that allowed them to access systems on the devices.
The modified screen could snoop on anything entered on a keyboard, direct victims to phishing websites and install rogue apps, as well as use the phone's camera to take pictures. Other attacks allowed researchers to control the operating system of the devices. The modified screens appear identical to those made by the phone manufacturers themselves.
"In contrast to 'pluggable' drivers, such as USB or network drivers, the component driver's source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device's main processor," said researchers.
In an accompanying research paper, they said that the threat of a malicious peripheral existing inside consumer electronics should not be taken lightly.
"Attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks in a large-scale or against specific targets. System designers should consider replacement components to be outside the phone's trust boundary, and design their defences accordingly," said the researchers.
How inkjet can transform your business
Get more out of your business by investing in the right printing technologyDownload now
Journey to a modern workplace with Office 365: which tools and when?
A guide to how Office 365 builds a modern workplaceDownload now
Modernise and transform your sales organisation
Learn how a modernised sales process can drive your businessDownload now
Your guide to managing cloud transformation risk
Realise the benefits. Mitigate the risksDownload now