A Replacement Screen Could Offer Hackers A Key To Your Smartphone

You might need to take extra precautions if you are getting third-party replacement parts fitted inside your smartphone: these parts could contain chips that can be used to hack your smartphone and extract important information, including your financial information and other passwords.

According to a new study by a group of researchers from Israel’s Ben Gurion University, titled “Shattered trust: When replacement smartphone components attack,” replacement displays, NFC readers, wireless charging components and other such smartphone parts, mostly sourced from third-party manufacturers, can be easily used to hack into a device.

The third-party source code can be easily integrated into the vendor’s source code. The smartphone part will show a regular screen to the user while accessing information in the background. Since the part will be well-integrated into the device, it will also override the smartphone security protocols and be assumed to be trustworthy by the software.

In a video, the researchers have showcased how a smartphone can be hacked using a replacement display.

In the video, a malicious chip is integrated into the third-party touchscreen and is easily able to target the communication system of a Huawei Nexus 6P or an LG G Pad 7.0. This hack allowed the researchers to record all communication done on the smartphone, including emails sent, the keyboard input used for sending messages, making calls and more. The researchers were also able to install malicious apps, which makes the scenario even scarier, as a user’s device can be used for any illegal activity using such apps.

The study further claims that it is very difficult to differentiate between such malicious components and company parts; even seasoned technicians might not be able to tell the two apart.

Also, since the hack is based on hardware and not software, even antivirus software would not be able to scan for such vulnerabilities. As a result, a smartphone user would be at risk even after taking all the regular precautions to protect mobile data.

This kind of hack isn’t even expensive: cheap components can be fitted with maliciously programmed chips. In the given instance, the researchers used commonly available components such as the ATmega328 single microchip controller, which is used for reading and writing files in a smartphone. When you copy a file or attach it in apps and mail, this is the hardware being used.