Beware: Replaced Phone Screens Could Let Hackers See All Your Data

Most of us have been in a situation where we have dropped our phone and cracked the screen. The only solution is to visit a repair shop and get the touchscreen replaced. However, new research reveals a startling fact about replacement phone screens: they are said to contain a secret chip that can hijack your phone.

At the recent USENIX Workshop on Offensive Technologies, researchers from Ben-Gurion University presented a research paper titled ‘Shattered Trust: When Replacement Smartphone Components Attack’.

According to this research, replacement screens can be fitted with built-in spying technology that is able to harvest passwords, install malicious apps, and send pictures to the attacker.

The booby-trapped screens also have the ability to exploit the device’s main processor and interfere with the working of all software.

Chip-in-the-middle Attack

The researchers add that the whole process is file-less, which means it can evade anti-virus software as well. This type of security issue is known as a “chip-in-the-middle” attack.

The researchers used an ATmega328 micro-controller and an STM32L432 micro-controller for the demonstration. They also said that most other micro-controllers could do the job.

A hot air blower was used to detach the touchscreen controller from the main assembly boards to access its copper pads. This enabled them to attach a chip and use it for spying and transmitting data.

The researchers claim that both Android phones and iPhones could fall prey to the same types of attacks.

Inexpensive & Indistinguishable

The trickiest part is that it is hard to distinguish malicious screens from legitimate ones, which is why many service technicians are unaware of their malignant nature.

The replacement screens cost less than $10 and could easily be mass-produced. Apparently, only a person with a hardware background can differentiate between a real and fake screen after disassembling it.

The researchers, from Ben-Gurion University of the Negev, wrote:

The threat of a malicious peripheral existing inside consumer electronics should not be taken lightly. As this paper shows, attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques.

A well motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defences accordingly.

 


  • Abdul Qadir

    very informative

  • Danish Soaliheen

    Is there any way to check the screen for normal users?

  • Muhammed Ovais Alam

    The replacement screens cost less than $10 and could easily be mass-produced.

    Which screens cost less than $10?
    A Galaxy S6 Edge screen is going for around 25k ($245).

    • The price you pay for the end product has little bearing on what it costs to manufacture it. For example, the iPhone 7 costs $220 to make, but sells for $649. Its display costs an estimated $39 but Apple charges $129 for a replacement if it’s out of warranty.

    • Umair

      Check the price of iPhone. It’s extremely cheap. Only recently I bought one for 20 Euro for iPhone 6.

      • Muhammed Ovais Alam

        You got an iPhone 6 for the price of a Nokia 3310, Lol!

        • Umair

          Haha! I meant the iPhone screen cost me 20 EUR

  • AbdulB1

    That’s not happening soon. Stop putting fear… Android can be easily hacked, that’s why Google is always releasing patches. For iOS things work differently as they update very often

  • Silver

    Thanks a lot writer.
    Beware about these also.

    Phone touchscreens, and other similar hardware components
    such as orientation sensors, wireless charging controllers,
    and NFC readers, are often produced by third party
    manufacturers and not by the phone vendors themselves.