SoylentNews is people

posted by martyb on Tuesday August 22 2017, @06:41AM
from the Use-only-Official®-Authorized-Parts-and-Repair-Services dept.

People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it.

The research, in a paper presented this week at the 2017 Usenix Workshop on Offensive Technologies, highlights an often overlooked disparity in smartphone security. The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary." The factory-installed hardware that communicates with the drivers is similarly assumed to be trustworthy, as long as the manufacturer safeguards its supply chain. The security model breaks down as soon as a phone is serviced in a third-party repair shop, where there's no reliable way to certify replacement parts haven't been modified.

The researchers, from Ben-Gurion University of the Negev, wrote:

The threat of a malicious peripheral existing inside consumer electronics should not be taken lightly. As this paper shows, attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone's trust boundary, and design their defenses accordingly.

Source: Ars Technica

Also covered at: Engadget.


  • (Score: 3, Interesting) by MrGuy (1007) on Tuesday August 22 2017, @03:26PM (#557530)

    is who was involved in funding this study.

    Look, I'm not questioning their conclusions - I have no doubt someone who's able to sneak new hardware into a phone could do something malicious with that access. I'd go so far as to call that conclusion obvious (though the study does a great job going into specifics of the "how you'd do it.") And the conclusion is more aimed at device makers needing to be more careful about their trust boundaries, rather than advocating against third-party repair.

    But given this study is being released right at the time when "right to repair" is being debated in multiple countries, the timing of a scientific study about how third-party repair can imperil devices seems...well...awfully convenient. And given that the conclusion here seems somewhat obvious (I'd have been HIGHLY surprised if a determined study couldn't find a way to exploit this), it's not a stretch to think about whether a device maker who was opposed to "right to repair" wouldn't want a study like this to wave around and demonstrate why the reason they won't let you repair your own device is FOR YOUR OWN SAFETY!! Zomg, think of the children.

    I'm not saying anything nefarious DID happen. But it's at best coincidental, and it's a little troubling to me that (given this background) I don't see any disclosure in the paper as to who paid for the research (there IS a disclosure section, but it's talking about disclosing vulnerabilities to manufacturers pre-publication). I find the lack of information about this a little disquieting.
