Some have already become accustomed to the fact that cybercriminals place malicious code in various applications. Today, viruses are everywhere, even in official app stores. But that’s not all. Israeli scientists have shown that our smartphones can be attacked through a specially prepared replacement screen. This may be a very effective way to steal data, because people like to save money on screen replacement and choose unofficial repair shops, which may source parts from unknown vendors.
It is estimated that roughly every fifth smartphone in the world has a broken display. Many people keep using damaged screens because repair is quite expensive. This cost can be at least partially reduced by having the repair done at an unauthorized service centre. The price will be lower, but we do not know which supplier the parts used in the repair come from. It could be a display with modified firmware that is used to install malware, take pictures, copy our emails and messages, and so on. Worst of all, no anti-virus software will be able to counteract these actions.
The attack presented by the researchers is based on chip-in-the-middle technology. True, the prototype presented is bulky and will not fit in a smartphone, but it is just a demonstration of a new type of attack. Researchers from Ben-Gurion University in Israel presented their findings at the WOOT ’17 Workshop Program. During the experiment, they modified the displays of two Android devices, the Huawei Nexus 6P and the LG G Pad 7.0. However, specially modified drivers also work with iOS, so iPhone and iPad devices are not safe either. The cost of all the parts needed for the attack does not exceed $10, and cybercriminals can successfully handle miniaturization and mass production. The trick is that the crafted chip sends commands to the smartphone's operating system driver. The uses of such an attack are limited only by the imagination of the criminal. In particular, it is possible to turn off the screen and start performing actions that the user will not be aware of. For presentation purposes, the researchers prepared several recordings during which the display remained on.
Source: Ars Technica