Security News Secret chips in replacement parts can completely hijack your phone’s security

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Booby-trapped touchscreens can log passwords, install malicious apps, and more.

People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
I changed the fan of my MacBook Pro with one from China, should I worry?

When I changed I saw the connector stick to something, now I am worried that could hijack the voltage and the rotation of the fan.
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
I changed the fan of my MacBook Pro with one from China, should I worry?

When I changed I saw the connector stick to something, now I am worried that could hijack the voltage and the rotation of the fan.
A fan? I do not think so, thermo-controlled fans contain surface mount components but it is difficult saying it is a risk.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top