Sign In

Communications of the ACM

ACM TechNews

Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security

View as: Print Mobile App Share:
wires on touch controller

Wires soldered onto the touch controller communication connection.

Credit: Ben-Gurion University of the Negev

Researchers at Ben-Gurion University of the Negev in Israel warn smartphone security can be compromised by repair shops that install replacement parts containing secret, malicious hardware. The research demonstrated that replacement touchscreens could be employed to secretly log passwords, install malware, and circumvent built-in security measures. In addition, the booby-trapped components could be indistinguishable from genuine hardware, facilitating undetectable installation and no signs of tampering.

The team's proof of concept involved embedding a chip that manipulates the phone's communication bus in a touchscreen, to simulate a chip-in-the-middle attack. The chip has malware that surreptitiously executes tasks the end users never initiated, and it can deactivate the display panel to keep the user unaware.

The researchers exploited Android smartphones for their demonstration, but they say tablets and phones running iOS also could be vulnerable to similar attacks. The researchers also offer hardware countermeasures manufacturers can deploy to shield devices from malicious screen-based hacks.

From Ars Technica 
View Full Article


Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


No entries found