Gravity is a relentless mistress, one that has wreaked havoc on smartphones of all shapes and sizes over the years. This force of nature is directly responsible for countless busted screens and the crop of shops tasked with repairing them.
It’s so common, in fact, that most don’t think twice about getting a screen replaced – a serious oversight according to one security-minded group.
Researchers from Ben-Gurion University of the Negev in Israel claim malicious hackers can covertly install hardware within replacement displays that can log keyboard inputs and patterns, install nefarious apps and even snap photos and send them to an attacker via e-mail.
Worse yet, the malicious hardware costs less than $10 (making it easy to mass-produce) and is undetectable by most service technicians. As Ars Technica highlights, someone with a background in hardware would need to disassemble and inspect a display to find any evidence of tampering.
The researchers presented their findings in a paper at the recent 2017 Usenix Workshop on Offensive Technologies. In it, they said that attacks by malicious peripherals are feasible, scalable and invisible to most detection techniques. To validate their claims, they demonstrated attacks on a Nexus 6P and an LG G Pad 7.0 that had been outfitted with bugged screens.
Companies like Apple and AT&T have provoked the ire of consumers seeking to repair their own devices for years. Irritated folks have argued that it’s all about money (entirely plausible) but with attacks like this possible, we can now see why some would be leery of letting third-parties using non-genuine hardware tinker with their devices.