Click to Skip Ad
Closing in...

Compromised replacement screens can be used to hijack your phone

Published Aug 21st, 2017 4:28PM EDT
iPhone screen replacement
Image: Ben Margot/AP/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Shattering your phone’s display on the pavement is a terrible feeling, but according to a recent study, you might have more to worry about than just the cost of replacing it. In a paper presented last week at a workshop in Vancouver, four researchers from Ben-Gurion University of the Negev in Israel explained how broken screens are replace with aftermarket components of questionable origin — components which could be tampered with in order to hijack the user’s phone.

In order to demonstrate the potential dangers, the research team embedded malicious chips within the third-party displays of a Huawei Nexus 6P and an LG G Pad 7.0. With the new displays installed, the team conducted two standalone attacks: “a touch injection attack that allows the touchscreen to impersonate the user, and a buffer overflow attack that lets the attacker execute privileged operations.”

By combining these “attack building blocks,” hackers could theoretically impersonate the user to install software and grant permissions, take photos of the user without their knowledge, replace real URLs with phishing URLs, log virtually anything the user does on the touchscreen (such as entering a password or private credentials) or even exploit vulnerabilities in the device’s OS kernel.

This process is called a “chip-in-the-middle” attack, which the researchers accomplished by installing an ATmega328 micro-controller module on the touchscreen assembly daughter board. And while the attack that the team demonstrated for the purposes of this paper were Android phones, there’s no reason to think that they wouldn’t be capable of affecting iOS devices as well.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.