If you own a smartphone nowadays, there’s a high chance that you have dropped it and had the display replaced. Well, if you haven’t dropped it, then you should probably consider yourself lucky. But for those of you who have gone through the pain and despair of having your display replaced, did you know that your replacement display could actually compromise your personal information?
According to a recent study published by the Ben-Gurion University of the Negev, researchers took control of two Android smartphones, namely a Huawei Nexus 6P and an LG G Pad 7.0, simply by using a malicious chip embedded in a 3rd party touch screen. As such, any touchscreen or display with these malicious chips could be used to record your photos and app data, and could also be used to redirect users to phishing websites to gain control over their device. A simple keylogger program coded into these chips could transmit all recorded keystrokes to the hacker, who would then be able to analyze them and use your personal information for nefarious purposes.
Since the chips are hardwired into the circuitry of the display, they are not affected by anti-virus programs or factory resets. Even if you’re like me and you root your phone and install a custom ROM, you would still not be safe from harm. For the study, the researchers used a hot air blower on the device’s touch controller connection to solder their malicious chips. According to them, their attack assumes that the device’s touch controller has been replaced with a malicious one, but that the rest of the device’s components, along with the software, are untouched.
This should be an eye-opener for system designers, who should design their defenses so that a hacker cannot manipulate the display in this way. For example, Apple iPhones have a security module that essentially blocks features such as Touch ID from being tampered with, resulting in a greater level of security.
In addition, if you damage your smartphone’s display and need to get it replaced, you should always return it to the original vendor where possible, rather than handing it over to repair centers in the vicinity. True enough, a nearby repair center may be easier, but if you hand your phone over to the authorized distributors and repair centers, then you’re guaranteed a higher level of security when compared to 3rd party vendors. The latter may use replacement displays that are not from the original equipment manufacturer and, as such, could even have some of these malicious chips installed in them.
Always bear in mind to only give your smartphone to those you trust. Always keep your data backed up and, if possible, wipe the data before handing the phone in for repairs.