Sign In

Communications of the ACM

ACM TechNews

Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
wires on touch controller

Wires soldered onto the touch controller communication connection.

Credit: Ben-Gurion University of the Negev

Researchers at Ben-Gurion University of the Negev in Israel warn smartphone security can be compromised by repair shops that install replacement parts containing secret, malicious hardware. The research demonstrated that replacement touchscreens could be employed to secretly log passwords, install malware, and circumvent built-in security measures. In addition, the booby-trapped components could be indistinguishable from genuine hardware, facilitating undetectable installation and no signs of tampering.

The team's proof of concept involved embedding a chip that manipulates the phone's communication bus in a touchscreen, to simulate a chip-in-the-middle attack. The chip has malware that surreptitiously executes tasks the end users never initiated, and it can deactivate the display panel to keep the user unaware.

The researchers exploited Android smartphones for their demonstration, but they say tablets and phones running iOS also could be vulnerable to similar attacks. The researchers also offer hardware countermeasures manufacturers can deploy to shield devices from malicious screen-based hacks.

From Ars Technica 
View Full Article

 

Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


 

No entries found