
Giving Your Phone To A Repair Shop? A Hacker Can Implant Secret Hardware In Replacement Parts To Completely Leak User Data


When your smartphone develops a critical problem or its screen cracks, what do you do? You might try some hacks and make a few failed attempts at a fix, but in most cases you end up visiting a repair shop and risking the integrity of your device.

This threat has been highlighted by new research that shows how malicious repair shops can use a specially crafted replacement screen to log keyboard input and take control of your device. The screen can also be used to install malware-laden apps, record patterns, take pictures, and email data to the attacker.
It’s worth noting that when a phone is serviced in a third-party repair shop, the “trust boundary” is broken. There’s no way to certify that the replacement parts haven’t been modified. At the 2017 USENIX Workshop on Offensive Technologies, researchers from the Ben-Gurion University of the Negev presented a paper on this issue, according to Ars Technica.
The research also shows that the compromised screens and parts, which cost less than $10, can exploit OS flaws and bypass the security protection mechanisms built into the smartphones. As one would expect, the replacement parts can’t be distinguished from the original parts.
To showcase this risk, the researchers implanted a chip in a regular screen to manipulate the communication bus. This simulates a “chip-in-the-middle” attack, in which the data transferred from the hardware to the software drivers is monitored and modified.
To keep the attack hidden, the chip can also power off the display and perform different tasks like taking pictures, logging patterns, etc. One should note that while this demonstration was performed using an Android phone, there’s no reason why this exploit won’t work on iOS devices.
Did you find this article on the chip-in-the-middle attack using a fake display interesting? Don’t forget to share your views.
