Your Phone May Be Spying on You
September 27, 2017
CBS – As technology gets more sophisticated, so are the scams you need to watch out for.
Researchers at Ben-Gurion University conducted a study to prove a new way criminals might hijack your phone by using a common replacement part.
When you accidentally drop your phone shattering its screen, it’s off to the local repair shop to get it fixed. But unbeknownst to you, or the cell phone repair person, the new screen you are getting could end up spying on you because criminals have altered it and then shipped those altered screens to legitimate, third-party repair shops.
In their paper titled “Shattered Trust: When Replacement Smartphone Components Attack,” the researchers showed how a “chip-in-the-middle” touchscreen could allow criminals to record keyboard inputs, download malicious apps or even direct you to phishing websites. The hacked screen looks so much like the real thing that even the repair tech may not be able to notice the difference.
The BGU researchers say the attacks can be conducted on phones that run the Android system. Although they don’t mention Apple smartphones specifically, some technology experts believe iPhones, too, could be vulnerable to the same kind of attack.
The researchers who revealed the “chip-in-the-middle” vulnerability say it’s now up to cellphone makers to devise a way to guard against this kind of attack with some sort of physical barrier to prevent it. That’s because the compromised chip is a piece of hardware, and anti-virus software can’t detect it.
In the meantime, be wary of who fixes your phone. One way to make sure your phone’s replacement parts are legit is to use trusted retailers.