SecurityWeek

Hackers Can Hijack Phones via Replacement Screens: Researchers

Touchscreens and other components that are often replaced in smartphones and tablets can hide malicious chips capable of giving attackers complete control over the device, warned researchers at the Ben-Gurion University of the Negev.

Researchers conducted their experiments on two Android devices: a Huawei Nexus 6P smartphone which uses a touchscreen controller from Synaptics, and an LG G Pad 7.0 tablet that uses an Atmel controller. However, the experts believe many other devices are also vulnerable to these types of attacks, including ones made by Apple.

In their tests, the researchers used a hot air blower to separate the touchscreen controller from the main assembly board and access the copper pads. They then connected the pads to an integrated chip that manipulates the communication bus, effectively launching a chip-in-the-middle attack. STM32L432 and Arduino microcontrollers, which cost roughly $10 each, were used in the experiments.

The malicious chip can exploit vulnerabilities in the device driver to compromise the phone or tablet while ensuring that it does not stop functioning correctly.

Videos have been published to show how a malicious touchscreen can be used to install arbitrary software, take pictures with the camera and send them to the attacker via email, replace a legitimate URL with a phishing URL, capture and exfiltrate screen unlock patterns, and take complete control of the targeted device.

Completely hijacking a phone takes the longest, roughly 65 seconds, but some operations, such as replacing a URL, take less than one second to complete.

While attacks involving hardware replacements are not unheard of, the scenario described by the Ben-Gurion University researchers relies on replacing a component with a limited hardware interface. It assumes that the repair technician installing the replacement screen is not involved and does nothing other than replace the broken component with a malicious one that has been provided to them.

The researchers notified Google of the Synaptics device driver vulnerabilities in February, and patches were included in the June 2017 Android security updates. They are also working on notifying the developers of the Atmel device driver of the discovered issues.

The experts have also proposed a series of hardware-based countermeasures to prevent such attacks.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
