Installing malicious apps or visiting phishing websites aren’t the only things that can compromise security of your phone. A new study finds that even a screen replacement can compromise this. In a newly published paper from Ben-Gurion University of the Negev in Israel, they found that embedding a malicious integrated chip within a third-party touchscreen can manipulate the communications system of a device. They tried this out on a Huawei Nexus 6P and LG G Pad 7.0. The chip was able to do things like take photos of the users and send these via email, record keyboard input, direct users to phishing sites, and install apps. A second class attack also let them exploit vulnerabilities in the devices’s operating system kernel.
The researchers say these screens can be made to look like the real thing and is file-less so it can go undetected by anti-virus software. They made use of an Arduino platform running on an ATmega328 micro-controller module and STM32L432 micro-controller to carry out the task. But other micro-controllers could also work. They used a hot air blower to separate the display from the main assembly board to access the copper pads and then they soldered a copper wire to attach the chips. While it isn’t the most polished job, it could require little effort to hide the altered part. And it affects not just Android but iPhone devices, too. Be careful where you get your screen replaced.
Source: Engadget