Got your phone's display replaced? It could be hacked
In this age of cyber revolution, one of the biggest concerns regarding personal data is its protection from cyber attackers. Despite using multiple safeguards on the software front, hackers are still able to get access to smart devices remotely from millions of miles away. The only way other than the software to gain unauthorised access to a device is getting hold of the hardware. To prove it, a group of researchers did a demonstration on a smartphone and were shockingly able to hack the smartphone.
Four IT researchers — Omer Shwartz, Amir Cohen, Asaf Shabtai and Yossi Oren, took a Nexus 6P for their demonstration. They took apart the display unit to gain access to the copper pads. They embedded an ATmega328 micro-controller module based on the Arduino platform and used an STM32L432 micro-controller. Once that was done, all they needed to do was connect the chips to the display’s copper boards by soldering it. The whole job was done so neatly that no one could notice the new component.
The researchers then took remote control of the Nexus 6P from another computer and they could access every single parameter of the phone. The demo video shows the phone opening the PlayStore and installing malicious apps on itself. The researchers claim that they could also record audio, capture images through the front camera and even send data through instant messaging apps or Gmail.
The whole point of the demonstration was that a smartphone could easily be fitted with a hacked module without letting the user know about it. The hackers say that their soldering was still noticeable to the naked eyes — things would have been neat in the hands of a soldering craftsman. Is there something that can be done to protect innocent users becoming victims of malicious intentions?
Consumers don’t have anything to do other than lay their belief on a service centre’s personnel. However, if manufacturers could implement curved bezel-less displays on smartphones, they could surely find a way to let a particular device recognise an altered component and refuse to boot-up. Even if it manages to boot-up, the software should come into play and notify the user about a foreign chip’s presence inside. This study proved once again that nothing in this world is safe from the prying eyes of hackers.