Research: Smartphones easy to attack with replacement components
A team of researchers warns that smartphones ‘trust’ the various internal components too easily. They state that a rogue parts manufacturer can easily provide a replacement screen with a chip that, for example, passes on user data.
According to the researchers, the problem lies in the fact that the central SOC of a smartphone unconditionally trusts the other hardware, such as the screen or the charging chip. Only external devices that are connected to the device via the USB port, for example, are subject to checks by the motherboard. The researchers argue that this dividing line between trusted and not immediately trusted is misplaced because malicious internal parts can also end up in a smartphone.
As part of the study, the researchers present a proof of concept that focuses on the screen and consists of two steps: a touch injection attack that mimics the user’s screen input and a buffer overflow attack that allows the attacker to execute commands. run with elevated privileges. According to their demonstrations, they manage to install malicious software and give it permissions, copy PINs, passwords and unlock patterns, and redirect users to phishing websites, among other things.
However, the researchers, a team of scientists from Ben-Gurion University in Israel, argue that arming phones against these types of attacks is not much of a challenge. An additional component that monitors traffic between the motherboard and the various daughterboards like a firewall should be enough to block malicious components.
However, being vigilant about rogue replacement parts is also a double-edged sword. Apple came under fire in 2016 after it turned out that an OS update disabled devices if they were equipped with an unofficial replacement home button, which also serves as a fingerprint sensor. After an update, the devices in question were usable again, but Touch ID remained disabled. Apple did so for the same security considerations that these researchers raise here.
Demonstration of the attacks on a Nexus 6P at factory settings (playlist of five videos)