You might need to take extra precaution if you are getting third-party replacement parts fitted inside your smartphone — these parts could contain chips which can be used to hack your smartphone and extract important information, including your financial information and other passwords.

According to a new study by a group of researchers from Israel’s Ben Gurion University, titled “Shattered trust: When replacement smartphone components attack,” replacement displays, NFC readers, wireless charging components and other such smartphone parts, mostly sourced from third-party manufacturers can be easily used to hack into a device.

The third-party source code can be easily integrated into the vendor’s source code — the smartphone part will show a regular screen to the user while accessing information in the background. Since the part will be well-integrated into the device, it will also override the smartphone security protocols, and be assumed to be trustworthy by the software.

The researchers have showcased how a smartphone can be hacked using a replacement display in a video.

In the video, a malicious chip is integrated into the third-party touchscreen and is easily able to target the communication system of a Huawei Nexus 6P or an LG G Pad 7.0. This hack allowed the researchers to record all communication done on the smartphone including emails sent, the keyboard input used for sending messages, making calls and more. The researchers were also able to install malicious apps, which makes the scenario even scarier as a user’s device can be used for any illegal activity using such apps.

The study further claims that it is very difficult to differentiate between such malicious components and company parts — even seasoned technicians might not be able to differentiate between the two.

Also, since the hack is based on hardware and not software, even an antivirus would not be able to scan such vulnerabilities and as a result, a smartphone user would be at risk even if the person has taken all the regular precautions to protect the mobile data.

This kind of hack isn’t even expensive, cheap components can be fitted with maliciously programmed chips. In the given instance, researchers used commonly available components such as the ATmega328 single microchip controller — which is used for reading and writing files in a smartphone. When you copy a file or attach it in apps and mail, this is the hardware being used.

In addition to this, they used an STM32L432 micro-controller, another commonly available chip, but added in the study that other such components can be used in the process of hacking. They simply used a hot air blower to detach display parts and put the chip inside using a copper wire.

According to the team, this mode of hacking can be used not only on Android devices but even on iPhones.

Few integrity checks and security protocols or guidelines are currently available for third-party smartphone parts. Moreover, company parts are expensive and many a time, don’t even make sense for the user to invest in, like a $149 replacement display for the iPhone 7, which costs $649.

Unless companies clamp down on repair costs or third-party components are standardized, it seems that users could be permanently at risk of such hardware-based hacking.

RELATED STORIES
Security Smartphone Hacking