• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 24th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
iPhone

Beware – Smartphones Can Be Hacked With Malicious Replacement Parts

August 21st, 2017 Waqas Security, Android, iPhone, Technology News 0 comments
Beware – Smartphones Can Be Hacked With Malicious Replacement Parts
Share on FacebookShare on Twitter

IT security researchers at Israel based the Ben-Gurion University of the Negev has discovered that smartphone users looking to replace or repair their device can become the target of a sophisticated hack attack allowing hackers to steal personal and financial data.

The researchers conducted their tests on LG G Pad 7.0 and Huawei Nexus 6P smartphones and demonstrated that even a simple screen replacement could cause huge damage to the user because attackers can embed a malicious integrated chip within the touchscreen since third-party manufacturers produce these screens.

Beware - Smartphones Can Be Hacked With Malicious Replacement Parts

Chip used by researchers – Image Credit: Omer Shwartz

This allowed researchers to access personal data of the user including recording keyboard commands, taking pictures or record videos of the owner, install malicious apps, send commands without the knowledge of the owner and even taking the user to malicious and phishing websites. In the second phase, researchers noticed that the malicious chip could also exploit security flaws in the operating system kernel of a targeted device.

According to the study: “In contrast to ‘pluggable’ drivers, such as USB or network drivers, the component driver’s source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device’s main processor.”

[fullsquaread][/fullsquaread]

The biggest issue with this attack is that once the original screen is replaced with the malicious one, it is almost impossible to know the difference and since it’s a file less attack it can evade anti-virus detection. That means an attacker with above average knowledge of smartphone hardware can easily target its victims without their knowledge.

[q]”A well-motivated adversary may be fully capable of mounting such attacks in a large-scale or against specific.”[/q]

“We analyze the operation of a commonly used touchscreen controller. We construct two standalone attacks, based on malicious touchscreen hardware, that function as building blocks toward a full attack: a series of touch injection attacks that allow the touchscreen to impersonate the user and exfiltrate data, and a buffer overflow attack that lets the attacker execute privileged operations. Combining the two building blocks, we present and evaluate a series of end-to-end attacks that can severely compromise a stock Android phone with standard firmware. Our results make the case for a hardware-based physical countermeasure.” researchers explained (Pdf).

Although the research was conducted on Android devices, the researchers warned that iPhones could also be targeted with similar attacks. The researchers presented their findings during 2017 Usenix Workshop on Offensive Technologies.

A well-motivated adversary may be fully capable of mounting such attacks in a large-scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defenses accordingly, the researchers concluded.

Watch the demonstration below:

Source: ISS
Via: Arstechnica

  • Tags
  • Android
  • hacking
  • internet
  • iOS
  • iPhone
  • Malware
  • Privacy
  • security
  • Technology
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article HBO hackers threaten to leak Game of Thrones' season finale
Next article Enigma Marketplace Hacked; $500,000 in Ethereum Stolen
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
SonicWall hacked after 0-day flaws exploited by hackers
Hacking News

SonicWall hacked after 0-day flaws exploited by hackers

56
Massive privacy risk as hacker sold 2 million MyFreeCams user records
Cyber Crime

Massive privacy risk as hacker sold 2 million MyFreeCams user records

113
Gamarue malware found in UK Govt-funded laptops for homeschoolers
Security

Gamarue malware found in UK Govt-funded laptops for homeschoolers

554

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us