Hiding malware in boobytrapped replacement screens would undetectably compromise your mobile device

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop.

In Shattered Trust: When Replacement Smartphone Components Attack, a paper presented by four Ben Gurion University researchers at the recent 2017 Usenix Workshop on Offensive Technologies, they demonstrate that they can build add undetectable spying technology to replacement screens for as little as $10, and that once installed, these new screens would have near-total control over the device, able to harvest passwords, install apps, and send screenshots to the attacker. The screens could also exploit the device's main processor and interfere with OS-level operations.

The researchers demonstrated their attack on Android devices but make a compelling case for being able to exploit Apple devices as well.


While this demonstrates a risk of third party repair, the risk of centralized repair is out-of-scope, but also real. As we saw with the Snowden revelations, spy agencies intercept equipment on its way to and from manufacturers in order to booby-trap it with malware — being able to choose your repair depot can mitigate that attack. The Yahoo and AT&T revelations also demonstrated that even very large and trusted companies can be suborned to acting illegally as surveillance agents, exploiting their customers on behalf of governments (or crooks, or anyone else who can trick, coerce or subvert key employees).


To send malicious commands to the drivers and touch screen, the researchers used an Arduino platform running on an ATmega328 micro-controller module. They also used an STM32L432 micro-controller and believe that most other general-purpose micro-controllers would also work. The researchers used a hot air blower to separate the touch screen controller from the main assembly and, with that, to gain access to the copper pads that connected them. They then connected the chips to the devices using wires that extended out of the phone. With slightly more work, the researchers believe the entire booby-trapped replacement part could be seamlessly hidden inside a reassembled phone.

Shattered Trust: When Replacement Smartphone Components Attack [Omer Shwartz, Amir Cohen, Asaf Shabtai and Yossi Oren/2017 Usenix Workshop on Offensive Technologies]


Secret chips in replacement parts can completely hijack your phone's security
[Dan Goodin/Ars Technica]