Communications of the ACM
Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security
Wires soldered onto the touch controller communication connection.
Credit: Ben-Gurion University of the Negev
Researchers at Ben-Gurion University of the Negev in Israel warn smartphone security can be compromised by repair shops that install replacement parts containing secret, malicious hardware. The research demonstrated that replacement touchscreens could be employed to secretly log passwords, install malware, and circumvent built-in security measures. In addition, the booby-trapped components could be indistinguishable from genuine hardware, facilitating undetectable installation and no signs of tampering.
The team's proof of concept involved embedding a chip that manipulates the phone's communication bus in a touchscreen, to simulate a chip-in-the-middle attack. The chip has malware that surreptitiously executes tasks the end users never initiated, and it can deactivate the display panel to keep the user unaware.
The researchers exploited Android smartphones for their demonstration, but they say tablets and phones running iOS also could be vulnerable to similar attacks. The researchers also offer hardware countermeasures manufacturers can deploy to shield devices from malicious screen-based hacks.
From Ars Technica
View Full Article
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA
No entries found