Skip to main content

Giving Your Phone To Repair Shop? A Hacker Can Implant A Secret Hardware In Replacement Parts To Completely Leak User Data


When your smartphone faces a critical problem, or it suffers cracking of screen, what do you do? You might try some hacks and perform some failed attempts, but in most cases, you end up visiting some repair shop and risking the integrity of your device.

This threat has been highlighted in a new research that shows how notorious repair shops can use a specially crafted replacement screen to log keyboard input and take control of your device. It can also be used to install apps full of malware, record patterns, take pictures, and email data to the attacker.
It’s worth noting that when a phone is serviced in a third-party repair shop, the “trust boundary” is broken. There’s no way to certify that the replacement parts haven’t been modified. At 2017 Usenix Workshop on Offensive Technologies, the researchers from the Ben-Gurion University of the Negev presented a paper on the same issue, according to Ars Technica.
The research also shows that the compromised screens and parts, which cost less than $10, can exploit OS flaws and bypass the security protection mechanisms built into the smartphones. As one would expect, the replacement parts can’t be distinguished from the original parts.
Showcasing this risk, the researchers implanted a chip in a regular screen to manipulate the communication bus. By simulating a “chip-in-the-middle” attack, the data transfer from hardware to software drivers is monitored and modified.
To keep the attack hidden, the chip can also power off the display and perform different tasks like taking pictures, logging patterns, etc. One should note that while this demonstration was performed using an Android phone, there’s no reason why this exploit won’t work on iOS devices.
Did you find this article on the chip-in-the-middle attack using a fake display interesting? Don’t forget to share your views.

Comments

WHAT'S HOT

Amazon Cuts Huawei Watch 2 Price To $194.99

Huawei's latest smartwatch has received a temporary price cut in the United States. There is no word on how long the promotion will last, but those interested

This Medical Camera Can See Right Through Human Body

Now, a team at the University of Edinburgh has developed a medical camera that can see right through your body. This new camera works by detecting light sources inside the body, such as

Google Search About To Receive A New “Speed Test Tool”, Here Is How To Use It

I use the Speed Test tool by Ookla to check the speed of my broadband connection. Generally, I use Google Search to visit the website. But the last time when I Googled the term “speed test,” I didn’t have to go much further than the search result itself.

The First Ubuntu 17.10 Beta Release Is Finally Here-Download 7 Different Flavors Here

Following the tradition, the first Beta release hasn’t witnessed the participation of default Ubuntu release, which will now ship with GNOME desktop environment. This brings us to the