If you are a clumsy person who often ends up at a repair shop due to a broken smartphone, then we have some bad news for you. A new study shows that replacement parts on your smart devices could potentially expose you to third-parties.
A group of Israeli researchers claims that a new smartphone screen from small vendors could easily be altered to override your mobile. These claims are part of their newly published paper titled ‘Shattered Trust: When Replacement Smartphone Components Attack’.
The researchers have backed their claims by showing complete videos in which they embedded a malicious integrated chip in a third-party manufactured touchscreen. This screen was then installed on a Huawei Nexus 6P and LG G Pad 7.0 and a malicious software was installed on it. Using it the researchers were able to sneakily snap photos of the person using the smartphone and forward them via email, URLs were replaced with phishing URLs, the lock screen pattern was logged and exfiltrated. In another attack, the phone was completely compromised when vulnerabilities in the handset’s operating system kernel were exploited. This experiment was performed on Android smartphones but the researchers say that Apple users are at just big a risk.
This paper sounds an alarm for a lot of us who tend to get replacement parts from non-trustworthy sources. Most of the smartphone hardware equipment in the market has been developed by third-party manufacturers and not the phone vendors themselves. These replacement parts look just like the original parts and sometimes your most-trusted smartphone handyman may not be able to point out that it is malicious. Furthermore, once such a part in installed on your device, the leakage of your sensitive data is file-less and hence even your anti-virus won’t prove helpful.
Next time you break your smartphone and need to get a part replaced, think twice!
Watch the complete experiment the researchers performed here:
Samsung reveals several Note 8 features in two new videos