Eye if you change the screen of the mobile: could put a malicious chip

[OyaYansa]

When a component of our mobile phone breaks or suffers damage, many users are tempted to replace it with an unofficial replacement to save a little money on repair. But what often happens is that the cheap is expensive: the economic components can not only spoil your smartphone, but also infect it with malware.

According to researchers at the Ben-Gurion University of the Negev in Israel, that is precisely the danger of mobile phones with broken screen using third-party replacements. And is that, according to the study that has carried out this team, cybercriminals can integrate a malicious chip in the replacement panel to steal information and control the reconditioned phones.

The team demonstrated that it is possible to compromise the devices quite simply. In order to carry out the test, they used a Huawei Nexus 6P smartphone and a LG G Pad 7.0 tablet, installed the malicious chip when performing a screen replacement and were able to take control of both terminals. "The threat posed by a malicious peripheral within consumer electronics should not be taken lightly," the researchers explain. "Malicious peripheral attacks are feasible, scalable and invisible to most detection techniques."

Using this technique, the researchers were able to take photos of the owners of the devices and send them to a controlled server, as well as record the keystrokes made on the touch screen keyboard and unlock patterns. In addition, they were also able to exploit operating system vulnerabilities.

"A well-motivated attacker may be fully capable of launching large-scale attacks or controlling specific targets," the team said in the paper. "System designers should consider replacement components as something outside the confidence boundary of the phone and design their defenses accordingly"