Skip to main content

Giving Your Phone To Repair Shop? A Hacker Can Implant A Secret Hardware In Replacement Parts To Completely Leak User Data


When your smartphone faces a critical problem, or it suffers cracking of screen, what do you do? You might try some hacks and perform some failed attempts, but in most cases, you end up visiting some repair shop and risking the integrity of your device.

This threat has been highlighted in a new research that shows how notorious repair shops can use a specially crafted replacement screen to log keyboard input and take control of your device. It can also be used to install apps full of malware, record patterns, take pictures, and email data to the attacker.
It’s worth noting that when a phone is serviced in a third-party repair shop, the “trust boundary” is broken. There’s no way to certify that the replacement parts haven’t been modified. At 2017 Usenix Workshop on Offensive Technologies, the researchers from the Ben-Gurion University of the Negev presented a paper on the same issue, according to Ars Technica.
The research also shows that the compromised screens and parts, which cost less than $10, can exploit OS flaws and bypass the security protection mechanisms built into the smartphones. As one would expect, the replacement parts can’t be distinguished from the original parts.
Showcasing this risk, the researchers implanted a chip in a regular screen to manipulate the communication bus. By simulating a “chip-in-the-middle” attack, the data transfer from hardware to software drivers is monitored and modified.
To keep the attack hidden, the chip can also power off the display and perform different tasks like taking pictures, logging patterns, etc. One should note that while this demonstration was performed using an Android phone, there’s no reason why this exploit won’t work on iOS devices.
Did you find this article on the chip-in-the-middle attack using a fake display interesting? Don’t forget to share your views.

Comments

Follow Us

WHAT'S HOT

Fappening 2.0 Continues: Private Photos Leak Affects Miley Cyrus, Rosario Dawson, Suki Waterhouse

ust when we thought that Fappening 2.0 leaks were over, the 4th wave just arrived. This alleged leak of private pictures has affected Miley Cyrus, Rosario Dawson, and Suki Waterhouse. Reported by myth-busting publication Gossip Cop, the pictures were first posted on notorious website Celeb Jihad.

84-year-old woman dies after being stung more than 500 times by swarm of bees (photos)

An 84-year-old woman from Brazil died after she was stung by a whole beehive She was out collecting firewood when she disturbed the bees who stung her until rescuers arrived The old woman died from the beestings on her way to the hospital 84-year-old Divina Ambrósio de Jesus from Brazil recently died after she got stung by a swarm of bees. The beestings covered the old woman's body including her face The old lady was out collecting firewood when she accidentally disturbed a beehive. The bees repeatedly sting the old lady for 30 minutes.

MC Galaxy – DIO (Refix) | prod. KrizBeatz

“With the recently released  “MMM” Album  still causing a furore online and on the streets, MCG Empire Boss –  MC GALAXY  comes through with the  refix  to  DIO  (which means come), the 3rd track of the critically acclaimed sophomore body of work.

Man beats up boyfriend of woman who spat on him on a train (Video)

A woman spat on a man on the train, but instead of the man hitting the girl he beat up her boyfriend. What do you think of his action? Watch video below.. ..