One of the biggest fears of people who own smartphones is breaking the glass of the screen, which unfortunately tends to happen quite often. When this happens, if you’re not into getting a new device and the warranty period is gone, there are pretty much only two solutions: either you continue using your device with the broken screen or you search for the nearest shop to get it repaired. While the first method can work if your smartphone is not badly damaged, you must be careful if you opt for the second as third party stores might not be as loyal as you think they are. In fact, according to researchers from the University of Negev, in Israel, it is possible and relatively easy to hack a smartphone or tablet by using a replacement screen in both Android and iOS systems. All it takes is a malicious chip and your newly fixed device will now belong to hackers.
An Untraceable Hacking Method
Whenever something happens to your smartphone you should always send it to the manufacturer; they’ll take the best care of it and provide a service you can trust. However, this may be a lot more expensive and that’s why many people tend to just rely on a third party store and have the job done quicker for less money. But the issue with third party mobile repair stores is that unless you know someone there you can’t really trust them. This replacement screen with a malicious chip installed in it is an example of how dangerous these stores can be, the Israeli study highlighting that your phone can then be compromised by hackers and from that moment have full control of the device. This then allows them to direct you to phishing sites, install apps, take copies of your data to send via email and much more.
Furthermore, this trick is almost impossible to detect because the evil chip that is implemented in the replacement screen looks exactly the same as a normal one, even making it hard for technicians to tell the difference. In the same way, any antivirus app or security tools you may have installed can do nothing about it, they’re not designed to deal with such a hardware threat. In fact, they won’t be able to target it as a threat to begin with because this method is ‘made by hand’, meaning that no infected file needs to be downloaded, no malicious link clicked nor app installed.
The researchers tested the attack on a Huawei Nexus 6P smartphone and an LG G Pad 7 tablet and they were easily able to get access to the devices’ communications. Given that Apple is known to raise hell when you search for help in third party stores, it is quite curious that researchers claim that the method works in the same way for iOS devices too, though they didn’t prove this.