Posted on August 21, 2017 at 1:35 PM
An Easily Made Malicious Chip can Spy and Take Over Your Phone
At a recent security conference, a new research has been presented by the experts from an Israeli university that showed a possible attack scenario that involves replacement parts to carry out attacks on smartphones and other smart devices.
The attack has been described as chip-in-the-middle, and it works on the assumption that a malicious actor is capable of mass-manufacturing electronic spare parts which have an extra chip for intercepting a device’s inner communications but is also capable of issuing malicious commands.
The researchers made their theory into a reality by building the malicious spare parts and then using them to gain control over a test smartphone. At the end of the article, you will find video proof of their hack.
Although the attack seems complex, according to the researchers that conducted the experiment, they only used off-the-shelf electronics that summed up to a total cost of $10. Even though there are practical skills required for some of the operations in this hack, the attack is far from sophistication that it exudes and involves no complex machinery often installed in high-tech factories.
The researchers said that they found two ways in which they could exploit the malicious spare attacks they manufacture.
The one way is a basic command injection into the communication streams between the phone and the spare component. The attack in question works best with malicious touchscreen displays since it lets the attacker pose as the phone user by mimicking touch actions and exfiltrating data.
The second way is a buffer overflow attack that works by targeting a vulnerability in the touch controller device driver embedded within the operating system kernel. By exploiting this flaw, attackers get elevated privileges on the phone and carry out attacks on the OS itself, no need to mimic touch gestures needed. This attack doesn’t work universally though since it is specific to one set of device drivers.
The experts from the Ben-Gurion University of the Negev in Israel that formed the research team that carried out the hack have presented multiple hardware-based countermeasures for preventing attacks via spare parts in their research paper.
Their paper is titled “Shattered Trust: When Replacement Smartphone Components Attack” and the countermeasures and other details can be found on these two addresses: first and the second one. Researchers presented their work at the recently concluded USENIX W00T ’17 security conference.
Below you can find videos that show how the experts carried out their hacks on smartphones.