Hackers can steal smartphone data using a replacement screen
Having your smartphone's screen repaired could leave your device open to attackers, enabling them to steal your data and even compromise your device, experts have warned.
A new study from researchers at Israel's Ben-Gurion University of the Negev has revealed that a replacement screen could be easily altered by potential hackers to gain control of smartphones running Android or iOS.
Third-party touchscreens can be embedded with a malicious integrated chip that could be used to give attackers access to your device. During the course of the study, a Huawei Nexus 6P and a LG G Pad 7.0 were both fitted with a modified screen and the team of researchers were able to gain access to the communications systems of both devices.
The researchers were able to log keyboard inputs, install apps, direct users to phishing websites and even take pictures of those using devices and email them back to the user. Through a second class of attack, they were even able to gain control of the operating system kernel of the Nexus 6P and L G Pad.
Unfortunately it will be hard for anyone to detect these modified screens as they can be produced to appear identical to screens made by manufacturers. To make matters worse, no files are needed to gain access to a user's smartphone and because of this antivirus software is rendered completely useless to stop these kinds of attacks.
The researchers carried out their chip-in-the-middle attacks by using an Arduino platform running on an Atmega328 micro-controller module. However they were also able to recreate the process using a STM32L432 micro-controller which proves that other micro-controllers could also be used to carry out the attack.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.