Replacement Screens Embedded With Malicious Chips Can Be Used to Control Your Phone
There are so many ways a hacker can get access to your devices. You tackle it and they are back with new methods. So, there is no end to the means by which the hackers can get access to your smartphone. It is gradually getting simpler for hackers to break into smartphones via malicious apps through app stores.
However, a new study has revealed that the users’ information can be compromised after changing the broken screen with a third-party display with malicious chips. The research team at the Ben-Gurion University of the Negev, Israel, has discovered that a substitute screen can potentially give hackers power over your tablet or smartphone. According to them, it is executed by them by inserting a malicious chip within a third-party screen that can be utilized to record keyboard patterns and input, install malicious applications, take images, and email them to the hacker with no knowledge to the users.
Particularly, these chips are priced at less than $10 and can be produced in bulk, and can be purchased by third-party service centers. Also, these malicious chips are difficult to differentiate from the legitimate ones, making their recognition even harder. The researchers were able to break into an LG G Pad 7.0 and Huawei Nexus 6P by integrating a malicious chip. They discovered that apart from installing apps, recording keyboard inputs, and other remote controls, the attack could also exploit susceptibilities in the operating system kernel of a smartphone.
This sort of attack usually known as “chip-in-the-middle,” wherein a malicious incorporated circuit is implanted within 2 points and observes the conversations they exchange. The team, in this case, used an Arduino platform operating on an ATmega328 microcontroller module to execute the attack. They also utilized an STM32L432 micro-controller; however, they consider that most other general-purpose microcontrollers would also function. The team then utilized a hot air blower to part the touchscreen controller from the key assemblage, which enabled them to break into the copper pads. Further, they fused a copper wire to fasten the chips to the handset.
They mention that with a little more effort, the substitute part can be concealed flawlessly within the phone and one would not be able to identify it. While these were Android-based test devices, the team says that iOS devices such as iPhone and iPad models are also vulnerable to such doltish traps.
Besides, the report also recommends stronger certification procedure for substitution parts so that the user is sure only licensed parts go into their device.