Touchscreen replacement is a pretty expensive affair in almost all the smartphones. Usually the OEM’s quote a much higher price than our neighborhood repair stores. Needless to say, most of us settle for an aftermarket touchscreen at less than half the price of the original one. While replacing the screens in itself is a pretty routine thing for most of us, a new paper published by the Ben-Gurion University of the Negev mentions the dangers of the same. The study has found out that the replacement touch screens can be embedded with malicious chips which will eventually help the attacker gain access to your smartphone.
The Researchers have successfully simulated the attacks on Huawei Nexus 6P and an LG G Pad 7.0, both of which run on Android. With the malicious touchscreen in place, the attackers could literally record your photos, app data, push you to phishing websites and also give away the control of your smartphone. The worse part is that the attack will not be flagged off by anti-virus since it will presume that it’s a usual hardware change. The proof is much more damning since the researchers change only the display and the rest of the hardware components remain the same.
Our attack assumes that the phone’s touch controller had been replaced with a malicious component, but that the rest of the hardware and software on the phone is authentic and trusted, A well motivated adversary may be fully capable of mounting such attacks on a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defences accordingly.
However, on the brighter side, most of the new smartphones are slim and sleek in nature and this doesnt allow leeway for the malicious chip component to be planted in your touchscreen. On the contrary Apple iPhones come baked inw ith a secure module that prevents the features from being tempered. Want to see the exploit in action? Check out the video below