Broke your smartphone’s screen? Going for a cheap fix at your local repair shop? Beware, hackers can install a malicious chip and steal your data! Sounds scary, but researchers at the University of Negev in Israel have uncovered a deadly hack involving people who have broken their smartphone screen. Their research confirms the possibility of inserting a malicious chip while replacing touch screens of smartphones. These chips can be used to compromise users’ smartphones and steal their data.
The researchers simulated attacks on Huawei Nexus 6P and LG G Pad 7.0. They were able to take control of the devices by using a malicious chip embedded into a third-party touch screen. These malicious chips in the touch screens could then record photos, keyboard input, internal data and even direct users to phishing websites.
Also, since the hack is hardware-based, even an anti-virus would not be able to detect the malware and it will survive factory resets and operating system updates. This means a smartphone user would be at risk even if he/she has taken all the regular precautions to protect their data. Ankush Johar, director at HumanFirewall.io, a provider of human information security awareness and preparedness solutions, comments: “Hardware hacking is an untouched realm of security and normal people are not aware of it. In India, markets like Nehru Place, Ghaffar Market in New Delhi and Lamington Road in Mumbai, among others, are famous for selling cheap replacement hardware for smart devices and appliances.
As the prices are as low as a third of the original replacement price, users tend to prefer such markets exposing themselves to grave danger.” Johar says, “If a hacker makes his way into your phone’s hardware, there is no going back. You cannot overwrite it with a software update, you cannot format it, you cannot remove it. Basically, the only solution will be to throw your device and get a new one that too, if and only if, you get to know about it, which is near to impossible for a normal user.” His prescription: Go for original replacements! You might have to spend a little extra but it’s better than handing over your bank accounts to a hacker.