12 December 2017
Most of the time when the screen on your smartphone shatters, you give it to a local shop to get it repaired. Did you ever think that giving it to them could lead to compromising sensitive data stored on your smartphone? Has the thought ever crossed your mind? If it has, your nightmare just may have become a reality. A study by researchers at the University of the Negev has surfaced on the internet showing how phones can be hacked at third party outlets when fixing a shattered screen. This leaves your device vulnerable to attackers who are looking to steal personal data. So how does this actually work?
It’s done through the use of a malicious chip which is embedded within the replacement device, giving full control to the attacker. What’s even scarier is the fact that it’s not done through software where anti-virus tools can remove it. It’s carried out through a physical chip which can be easily applied to the screen. The researchers at the University of the Negev even demonstrated how this could be done by hijacking a Huawei Nexus 6P smartphone and an LG G Pad 7 tablet. Notice how this can be done on a phone as well as a tablet! After hijacking the devices, the researchers showed how sensitive information such as passwords as well as downloaded apps could be seamlessly accessed. Phishing attempts were also made successfully using the above-mentioned devices.
Unfortunately, iPhone users may also be subjected to a similar attack as claimed by the researchers. This demonstration was done in order to caution manufacturers and urge them to take up more security measures on a hardware level as well. Here’s what the University of the Negev researchers had to say:
A well-motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets…System designers should consider replacement components to be outside the phone's trust boundary and design their defences accordingly.
Hackers can now use a malicious chip when repairing a smashed screen on your smartphone to gain access to all your data.