Your phone can be hijacked through a replacement screen
Monday, August 21, 2017 at 2:49AM
Nicole Batac in Ben-Gurion University of the Negev, Breaking news, Mobile, News, Press release, Public service, Security, Study, smartphone, smartphone display

Installing malicious apps or visiting phishing websites aren’t the only things that can compromise security of your phone. A new study finds that even a screen replacement can compromise this. In a newly published paper from Ben-Gurion University of the Negev in Israel, they found that embedding a malicious integrated chip within a third-party touchscreen can manipulate the communications system of a device. They tried this out on a Huawei Nexus 6P and LG G Pad 7.0. The chip was able to do things like take photos of the users and send these via email, record keyboard input, direct users to phishing sites, and install apps. A second class attack also let them exploit vulnerabilities in the devices’s operating system kernel.

The researchers say these screens can be made to look like the real thing and is file-less so it can go undetected by anti-virus software. They made use of an Arduino platform running on an ATmega328 micro-controller module and STM32L432 micro-controller to carry out the task. But other micro-controllers could also work. They used a hot air blower to separate the display from the main assembly board to access the copper pads and then they soldered a copper wire to attach the chips. While it isn’t the most polished job, it could require little effort to hide the altered part. And it affects not just Android but iPhone devices, too. Be careful where you get your screen replaced.

Source: Engadget

Article originally appeared on Reviews, News and Opinion with a Canadian Perspective (https://www.canadianreviewer.com/).
See website for complete article licensing information.