(this question has to do with hardware hacking)
Can your phone get hacked/accessed remotely by another person/hacker by getting a screen replacement for a broken phone.
What I mean is that is it possible for a hacker to insert a malicious chip/part inside the screen replacement part?
I’ve read an article about how screen replacement can hack your phones and give control of your entire phone to the hacker simply by the hacker inserting some chip into the new screen part.
Also, can the new screen’s camera also be able to watch us? If the hacker also inserted something malicious to it or connected it to his laptop?
Idk, to me this sounds absurd but I did read some articles on it so I’m confused. I read this on TheVerge website’s “Hacked replacement touchscreens could hijack your smartphone / This type of attack can’t be spotted by anti-virus programs” article based on a research done in some university.
Kindly can anyone guide me regarding this…because I broke my phone’s screen last month and am not getting it repaired due to this reason.
Help.
The research paper merely proves that it is possible, and relatively affordable for a targeted attack, but in reality, someone interesting enough for such an attack would already have their device attacked through other means, no need to wait for the screen to be damaged. For mass surveillance, nobody is wasting extra money for each and every broken screen, there are much cheaper solutions such as updates that include malware.
But I’m asking how in the world is this even possible? I showed my brother this article and his friends told me there’s no way a hardware can hack your phone. I’m not too well-versed about technology or hardware so all this sounds crazy to me
It’s possible because Android doesn’t verify that the components are genuine. Unlike in iOS, as long as the components conform to a very minimal spec, it will work. The screen is large enough to carry extra payload, including malicious ones. See my other link in this thread to see the demo.
But how can a hardware hack a software phone?? I’VE watched the video of this article but the video shows them literally connecting the phone to a laptop. I’m only gonna get my phone’s screen replaced with a new one.
Because the software receives nearly all input from the screen. The proof of concept shows a laptop running the screen, but the actual attacker would have their own controller embedded. This way it can log all presses including the unlock pattern, wait until the phone is idle for hours and a notification wakes the screen, replay the unlock pattern, launch a webpage to download further payload, etc.
Basically, the question is “how bad it would be if someone could watch everything on your phone’s screen and touch it when you’re not looking”.