What do you do when your phone screen gets damaged? You seek a replacement screen. Now, not many people would associate a replacement screen with data theft. However, a recent study shows that a replacement screen can be used to steal your data. Researchers from Israel’s Ben Gurion University of the Negev have revealed how this is possible. A malicious chip is embedded in the third-party touchscreen, and this chip can be used to manipulate the communications system on some devices, for example a Huawei Nexus 6P and an LG G Pad 7.0.
This malicious chip allows people with malicious intent to record keyboard inputs, take pictures of the user, install unwanted apps, and direct the user to malicious websites. To make matters worse, the researchers found out that the replacement screen can be made to look identical to the real screen, which means that even smartphone repairers might not even be able to tell which is which. Furthermore, the entire process does not make use of files, which means anti-virus software cannot detect it.
This type of attack is known as the chip-in-the-middle attack. To carry out this attack, the researchers made use of an Arduino platform running on an ATmega 328 micro-controller module, and an STM32L432 micro-controller. They also made use of a hot air blower to separate the touch screen controller from the main assembly boards in order to access its copper pads. Next, the group soldered a copper wire to attach the chips to the device. It is important to note that the micro-controller they used was not specific, as other micro-controllers could do the trick.
Now, this set-up looks quite obvious. Nonetheless, the team says that a little more sophisticated effort would cover this alteration within a repaired device. Furthermore, this is not limited to Android phones; iPhones too are susceptible to this same type of attack.