Possibility that hijacking tools can be put in the LCD repair of the cracked smartphone
The teams by Omer Shwartz, Amir Cohen, Asaf Shabtai, and Yossi Oren's teams of Negeve Ben -Grion National University in Israel are 14th (US time), 11th "Usenix Workshop On Offense Technology (Workshop OFFENSIVE] Was announced that the Android OS can be hacked using the modified smartphone display parts.
Hardware components such as smartphone touch screens and sensors, wireless charging controllers, and NFC readers are often manufactured by third -party manufacturers and are not manufactured by smartphone vendors.The driver sauce code for such components is developed by a third party and integrated into the source code of the main body manufacturer.
In contrast to the driver that assumes that hardware is attached and detached, such as USB and network drivers, SHWARTZ and others are reliable (regular) for the component hardware source code.It was written on the assumption that it was a thing, and as a result, we focused on the fact that the communication between the component and the main processor of the device was rarely performed.
In the paper, if the touch screen is broken by dropping it, it is not a genuine product, or it may be replaced with an after -market component, so it is a commonly used touch screen controller (such as Synaptics).Analyze the operation and create a malicious touch screen hardware.Using it, two attacks were achieved with a hardware standalone, with a touch -injection attack and a buffer overflow attack to perform privileged operations.
According to the team, the tip -in the middle attack could install unlock pattern capture and malware apps for Android -equipped smartphones.
The demonstration draws a signal line with a cable and uses large substrates, but if you devise a little, you will be able to hide everything inside your smartphone.As an attack target, Android 6.0.Nexus 6p and LG G Pad 7 are running 1.0 is used.
The demonstration is for Android smartphones, but Ars Technica magazine speculates that the same technology can be applied to iOS devices such as iPhone and iPad.
In conclusion, the team concludes that the threat of malicious peripheral devices in electrical appliances should not be neglected, and system designers need to incorporate measures in response to unreliable parts.I am.
マルウェアをインストールするデモフィッシングURLへの転送アンロックパターンのキャプチャと送信