Malicious code on replacement screens may attack your Android phone
Need to fix your phone up with new parts? Be wary of where those parts come from.
Researchers at Ben-Guion University of the Negev have been able to affect the source code of certain component drivers, such as replacement touchscreen panels, and commit end-to-end attacks on, in this case, a Nexus 6P with Android 6.0.1 Marshmallow.
Hackers can read touch input and manipulate the touch screen to extract data and input more malicious code. And all of this is thanks to OEMs’ implicit trust with internal components as opposed to plug-and-play units that automatically require privilege escalation.
“As a result of this trust, very few integrity checks are performed on the communications between the component and the device’s main processor,” the researchers wrote in a study.
All the code needed to execute these acts goes through the component’s CPU. As there are no files dropped into the system, the attacks can’t be traced by the typical anti-virus software. And while external components were attached to the phone for the purposes of this study, the firmware can also be replaced and a chip can be invisibly embedded into the part so that all of these executions can be completely remote.
So, how will good faith manufacturers of both the devices and the components resolve this? Well, it’s a case-by-case basis per component, but the main takeaway is that if it has its own drivers and it’s not the phone, device OEMs should evaluate privileges of new third-party parts.