New research paper demonstrates smartphone security hole in replacement hardware

Hacking your phone through the touchscreen? Yes, it can be done. (Image: Shattered Trust)
A research team has successfully compromised a smartphone by injecting malicious code into the drivers for the touchscreen. The code allows full access to the device, including the ability to alter files, use the phone's camera, download malicious apps, and grant root access without unlocking the bootloader.
Sam Medley

We’ve reported on the various security holes in smartphones in the past. All of these vulnerabilities have been found in software, which can be quickly patched via over-the-air updates. However, a new research paper by a group at the University of the Negev details a previously unknown flaw in smartphone security: physical hardware.

The paper’s authors demonstrated how they were able to take full control of a Nexus 6P by using a third-party replacement touchscreen. The team injected malicious code into the Synaptics S3718 drivers used by the device. According to the paper, a “component driver’s source code implicitly assumes that the component hardware is authentic and trustworthy.” After working out how the touchscreen driver accessed the kernel and interacted with the device itself, the authors were able to execute arbitrary code and seize control of the phone. In short, arbitrary code execution let the team grant root access to any application, disable or bypass any preventative measure designed to halt malicious code execution at the kernel level, and create new backdoors within the kernel. The device in question was a freshly reset Nexus 6P with a locked bootloader, which makes the exploit even more impressive and worrisome.
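The implicit-trust assumption quoted above, shown as an added example that is not code from the paper or from the Synaptics driver: a parser that believes a component-supplied contact count, beside one that checks every field against limits the driver owns. The report layout, panel size and all names are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical report layout (constructed for this example):
 * byte 0 = number of contacts, then 4 bytes per contact:
 * x low, x high, y low, y high (little-endian). */
#define MAX_CONTACTS 10
#define PANEL_W 1440   /* assumed panel size in pixels */
#define PANEL_H 2560

struct contact { uint16_t x, y; };
struct touch_state { uint8_t n; struct contact c[MAX_CONTACTS]; };

/* Trusting form: the loop bound comes straight from the component, so a
 * count above MAX_CONTACTS writes past c[] and a short report reads past buf. */
int parse_trusting(const uint8_t *buf, size_t len, struct touch_state *out)
{
    (void)len;                            /* report length is never consulted */
    out->n = buf[0];
    for (uint8_t i = 0; i < out->n; i++) {
        out->c[i].x = (uint16_t)(buf[1 + 4 * i] | (buf[2 + 4 * i] << 8));
        out->c[i].y = (uint16_t)(buf[3 + 4 * i] | (buf[4 + 4 * i] << 8));
    }
    return 0;
}

/* Validating form: each component-supplied field is checked before use.
 * Returns 0 on success, -1 if the report is rejected. */
int parse_validated(const uint8_t *buf, size_t len, struct touch_state *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;
    uint8_t n = buf[0];
    if (n > MAX_CONTACTS)                 /* bounds the write into c[] */
        return -1;
    if (len != 1 + (size_t)n * 4)         /* bounds the read from buf */
        return -1;
    for (uint8_t i = 0; i < n; i++) {
        uint16_t x = (uint16_t)(buf[1 + 4 * i] | (buf[2 + 4 * i] << 8));
        uint16_t y = (uint16_t)(buf[3 + 4 * i] | (buf[4 + 4 * i] << 8));
        if (x >= PANEL_W || y >= PANEL_H) /* coordinates must lie on the panel */
            return -1;
        out->c[i].x = x;
        out->c[i].y = y;
    }
    out->n = n;                           /* count is published only after all checks pass */
    return 0;
}
```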

In a demonstration video, the team used the injected malicious code to automatically install malware and grant it root access, access and use the camera, alter URLs to redirect users to phishing sites, and log the phone’s unlock pattern. The team has also successfully executed this attack on a Galaxy S5, Nexus 5X, and Nexus 5, all of which use Synaptics touchscreen drivers.

So what can you do to avoid these kinds of attacks? The best prevention is to only use OEM parts for smartphone repairs. If you don’t feel comfortable repairing the phone yourself, send it to the phone maker or a certified repair technician who will use OEM replacement parts. Don’t purchase replacement parts from sketchy or unknown sources. The paper’s authors also suggest that smartphone manufacturers start including hardware-based firewalls to protect the device from similar attacks.

The full paper can be found here.


Sam Medley, 2017-08-22 (Update: 2017-08-23)