Secret Chips in Replacement Parts Can Completely Hijack Your Phone's Security (arstechnica.com)
Date: 2017-08-18
Dan Goodin, writing for ArsTechnica: People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device. The concern arises from research that shows how replacement screens -- one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0 -- can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it. The research, in a paper presented this week (PDF) at the 2017 Usenix Workshop on Offensive Technologies, highlights an often overlooked disparity in smartphone security. The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary."
I wonder which phone manufacturers sponsored this FUD. Technically possible? Sure. Any evidence it has ever occurred in the wild? No. Would this sort of malicious hardware have to transmit data in some way to offload the stolen information, thus raising alarms in various corporate type networks and the like? Eventually.
How can a screen or digitizer communicate to the outside world? It likely isn't on a bus where it can ask the radio or NIC to packetize stuff it feels like. At best, it can record taps on a screen, but getting those out would be a different story. Perhaps for physical snooping where the device is captured later on (say to glean someone's PIN), but for a remote attacker, it isn't that feasible.
Not only is it FUD, but it could be done with brand-new phones. Thousands of people have access to the supply chain and at any point could pull inventory, modify/replace the original parts, and swap them back in. The fact is that there is no reasonable commercial incentive for the random repair person at a store to spy on the random customer that has his screen replaced, and it would be super simple to catch the responsible party. Talk about hard evidence!
If you're a front for organized crime, then it's an easy way to hijack people's phones.
Perhaps you're not familiar with how security research works. Stopping at "is this being exploited in the wild now?" is shortsighted.
Dumb question here. Why do we trust Apple or Samsung parts more than Huawei?
thus raising alarms in various corporate type networks and the like?
Only if you assume that no one ever uses a network outside their corporate network and that all networks used employ various ways to detect this data transmission. For most consumers, the normal is not to have such high security. They don't employ such detection methods and they connect to outside networks all the time.
Also, consumers are far more likely to buy these 3rd party parts than someone with a corporate phone, who will most likely send it to their company for repair, who will use genuine parts.
Such as faulty/counterfeit batteries used in Galaxy Note 4s during repair [engadget.com].
