Replacement screens could be used to hijack your phone, study claims
New research sets out to prove a booby-trapped screen replacement could be used to hijack a smartphone, bypassing security protections and sending personal data to an attacker.
In a paper presented at the 2017 Usenix Workshop on Offensive Technologies, researchers from Israel’s Ben-Gurion University of the Negev show how parts costing less than $10 (£8) can be used to maliciously override a smartphone. By embedding an integrated chip into a third-party touchscreen, they showed it was possible to interfere with the communication system that transfers data from the device’s hardware to the operating system.
The attack was demonstrated on a Huawei Nexus 6P and an LG G Pad 7.0. The researchers first used a hair dryer to separate the devices’ touchscreen controllers from the main assembly, then used an Arduino platform running on an ATmega328 microcontroller to connect to the hardware’s copper pads. Some soldering later, they had successfully set up a “chip-in-the-middle” attack, allowing them to remotely log keyboard inputs, install apps and take pictures of the user that could be emailed to the attacker.
The researchers did the same thing with an STM32L432 microcontroller, and claim that the same technique should work with other general-purpose microcontrollers. The result of their experiment was a conspicuous bundle of wires, but the authors of the paper believe that – with a bit more effort – the malicious parts could be made to look indistinguishable from a standard replacement touchscreen.
“The threat of a malicious peripheral existing inside consumer electronics should not be taken lightly,” they write. “As this paper shows, attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defenses accordingly.”
The research was conducted on Android phones, but the paper indicates that similar attacks could be used on iPhones. Suggested countermeasures include the use of low-cost hardware-based protections, which the authors say would not require any changes to be made to the device’s CPU.
While the research highlights the potential for interfering with a device using booby-trapped hardware parts, security expert Davey Winder points to the fact that – if a potential hacker is already close enough to your phone to replace its touchscreen – there are far easier ways for them to obtain your data.
“If, as the researchers say, with a little more effort it could be possible to hide the hack, then why not put that little extra effort in and make the warning more realistic?” Winder, who is managing analyst at IT Security Thing, told Alphr.
“Here’s the thing: if a threat actor has physical possession of your device, there are already many ways to compromise it so that they can garner all this data without worrying about changing the touchscreen. Why would they complicate matters to this degree? Access to the device, with the time to compromise it, is all it takes for it to be game over.”