
Phone replacement parts can be used to hijack a phone

Jinchu

I have to be honest. I haven't really thought about the security risks of repairing a phone at third-party locations. I remember there was an Apple-related discussion on this topic some time ago. However, I considered it more as a way for Apple to collect better profits. Turns out they were not totally wrong. I am also sharing this piece of news since I think there are others as well who should be aware of the situation.

Quote

The replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker.

So some researchers had a proof of concept, where they were able to record the unlock pattern to the phone, install an app, take a picture and send it via email.

Quote

 The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary." The factory-installed hardware that communicates with the drivers is similarly assumed to be trustworthy, as long as the manufacturer safeguards its supply chain. The security model breaks down as soon as a phone is serviced in a third-party repair shop, where there's no reliable way to certify replacement parts haven't been modified.

According to the article, everything is fine until you go to a third-party vendor to get your phone fixed. This also applies to me since I would consider fixing my screen at home. Now I have to think carefully about whether it is worth the risk that someone hijacks my phone.

 

Quote

While the researchers used Android phones for their demonstration, there's no reason similar techniques wouldn't work against tablets and phones running iOS.

So basically everyone is guessing how widely this type of attack vector would be feasible. To be clear: it is no wonder that someone with that level of access to any device can compromise it. The news here is the scale and cheap price of the method. It'd be easy to mass produce malicious screens at a small cost.

 

 

source: https://arstechnica.com/information-technology/2017/08/a-repair-shop-could-completely-hack-your-phone-and-you-wouldnt-know-it/?utm_content=buffer96265&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer 

Edited by wkdpaul
fixed formatting for night theme

while it is possible to have this with phone repairs, most repair shops are honest, this is a case of use your best judgement, and if the price seems too good to be true, it probably is.

 

check for reviews, and ask past clients if possible to help make up your mind.


don't worry if it's a screen

it's literally a screen,

 

 

think about it

 

 

 

do you worry about buying a used asus monitor because it might have a virus?

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


This is quite scary.

I don't trust third party repairs because the stores that offer hardware repairs are run by sketchy looking dudes that buy their screen from an unknown location and make you pay a pretty penny.

 

Luckily the only time I broke my screen, it was covered by warranty and I didn't spend anything.


1 minute ago, themctipers said:

don't worry if it's a screen

it's literally a screen,

 

 

think about it

 

 

 

do you worry about buying a used asus monitor because it might have a virus?

Your used Asus monitor doesn't have a data input like a mobile phone screen does. I imagine it would be fairly trivial to record inputs and map them to what is displayed on the screen at the time.

Intel i7 5820K (4.5 GHz) | MSI X99A MPower | 32 GB Kingston HyperX Fury 2666MHz | Asus RoG STRIX GTX 1080ti OC | Samsung 951 m.2 nVME 512GB | Crucial MX200 1000GB | Western Digital Caviar Black 2000GB | Noctua NH-D15 | Fractal Define R5 | Seasonic 860 Platinum | Logitech G910 | Sennheiser 599 | Blue Yeti | Logitech G502

 

Nikon D500 | Nikon 300mm f/4 PF  | Nikon 200-500 f/5.6 | Nikon 50mm f/1.8 | Tamron 70-210 f/4 VCII | Sigma 10-20 f/3.5 | Nikon 17-55 f/2.8 | Tamron 90mm F2.8 SP Di VC USD Macro | Neewer 750II


Just now, Fetzie said:

Your used Asus monitor doesn't have a data input like a mobile phone screen does. I imagine it would be fairly trivial to record inputs and map them to what is displayed on the screen at the time.

it does though

DP has some pins that tell the OS stuff and idk, windows somehow knows that my monitor is x resolution

am pretty sure it is easy to spoof it and have it say there are two outputs on this, but they're mirrored

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


Correct me if I am wrong, but I cannot see any reason as to why a SCREEN, the thing which outputs an image and inputs touch, should have this sort of processing built in. The attack must be visible to the user and be run by simulating touches, which would be plainly visible to any user (even the least tech-savvy person would think something is up when your newly repaired phone starts emailing suspicious characters in far away countries).

This is a worrying problem but if the monitor can only simulate touches then it cannot adapt to say, if the email icon is in a different place to expected.


5 minutes ago, themctipers said:

don't worry if it's a screen

it's literally a screen,

 

 

think about it

 

 

 

do you worry about buying a used asus monitor because it might have a virus?

If you bring your machine to a local repair store, they could put anything on it that can log your activities / password etc


Just now, The Belgian Waffle said:

If you bring your machine to a local repair store, they could put anything on it that can log your activities / password etc

the shops where i am don't require your password, do mostly iOS only, and you can even see what they're doing to your phone in person (because it's a little 20m^2 room, and business is slow)

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


Just now, themctipers said:

the shops where i am don't require your password, do mostly iOS only, and you can even see what they're doing to your phone in person (because it's a little 20m^2 room, and business is slow)

Let's say they need to keep it for a couple of days for a legitimate reason.

Also, it's so easy to actually disable your password on Windows and access your whole computer, you just boot it with a script on a usb thumb and voila


Just now, The Belgian Waffle said:

Let's say they need to keep it for a couple of days for a legitimate reason.

Also, it's so easy to actually disable your password on Windows and access your whole computer, you just boot it with a script on a usb thumb and voila

true, but don't most people just say fuck it I'm going to another store where i can get it repaired today? because for most people, a phone is their life (normies and me)

it is very easy to do that, yes. but this is a phone, not a laptop. phones don't run windows 10 x86, and they don't run windows 10 arm yet

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


Just now, themctipers said:

true, but don't most people just say fuck it I'm going to another store where i can get it repaired today? because for most people, a phone is their life (normies and me)

it is very easy to do that, yes. but this is a phone, not a laptop. phones don't run windows 10 x86, and they don't run windows 10 arm yet

True
I was still talking about my example from the beginning of the thread :P


Just now, The Belgian Waffle said:

True
I was still talking about my example from the beginning of the thread :P

here its like $45 for iphone 5 or lower replacement, 6/6+ is like $100

and again, they do it in front of the person, like right now, in 15 minutes or so. :P

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


10 minutes ago, The Belgian Waffle said:

If you bring your machine to a local repair store, they could put anything on it that can log your activities / password etc

I agree with this. My problem is that if I do it at home by myself, I might still be a victim. Last time I had to repair my phone it was so old there was no way to buy official parts. I had to go to a third-party website on eBay. If I buy a screen from eBay, I have no way of separating a tampered screen from a normal one.


4 minutes ago, themctipers said:

here its like $45 for iphone 5 or lower replacement, 6/6+ is like $100

and again, they do it in front of the person, like right now, in 15 minutes or so. :P

And if the part itself is compromised? Which can happen without the knowledge of the person actually doing the repair.

Intel i7 5820K (4.5 GHz) | MSI X99A MPower | 32 GB Kingston HyperX Fury 2666MHz | Asus RoG STRIX GTX 1080ti OC | Samsung 951 m.2 nVME 512GB | Crucial MX200 1000GB | Western Digital Caviar Black 2000GB | Noctua NH-D15 | Fractal Define R5 | Seasonic 860 Platinum | Logitech G910 | Sennheiser 599 | Blue Yeti | Logitech G502

 

Nikon D500 | Nikon 300mm f/4 PF  | Nikon 200-500 f/5.6 | Nikon 50mm f/1.8 | Tamron 70-210 f/4 VCII | Sigma 10-20 f/3.5 | Nikon 17-55 f/2.8 | Tamron 90mm F2.8 SP Di VC USD Macro | Neewer 750II


Just now, Fetzie said:

And if the part itself is compromised? Which can happen without the knowledge of the person actually doing the repair.

wear a tinfoil hat 

 

Apple's walled garden is nice, really nice.

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


Just now, themctipers said:

wear a tinfoil hat 

 

Apple's walled garden is nice, really nice.

I agree that this is highly unlikely to happen in an official Apple store, but lots of people go to third-party repair shops.

Intel i7 5820K (4.5 GHz) | MSI X99A MPower | 32 GB Kingston HyperX Fury 2666MHz | Asus RoG STRIX GTX 1080ti OC | Samsung 951 m.2 nVME 512GB | Crucial MX200 1000GB | Western Digital Caviar Black 2000GB | Noctua NH-D15 | Fractal Define R5 | Seasonic 860 Platinum | Logitech G910 | Sennheiser 599 | Blue Yeti | Logitech G502

 

Nikon D500 | Nikon 300mm f/4 PF  | Nikon 200-500 f/5.6 | Nikon 50mm f/1.8 | Tamron 70-210 f/4 VCII | Sigma 10-20 f/3.5 | Nikon 17-55 f/2.8 | Tamron 90mm F2.8 SP Di VC USD Macro | Neewer 750II


29 minutes ago, Jinchu said:

I haven't really thought about the security risks of repairing a phone at third-party locations.

I work at one of these third party locations. We ask everyone for their passcodes so we can properly test all the features of the phone. 95% of people have no issue giving us their passcode, and the other 5% just change it to something else before they leave it.

 

I guess a few of them might change it after the repair, but I can tell you most people just don't care.

And if it wasn't obvious, we don't share or sell any personal info or passcodes ;)


Just now, Fetzie said:

I agree that this is highly unlikely to happen in an official Apple store, but lots of people go to third-party repair shops.

yes, and at that:

-how are you going to get the screen to touch sensitive apps without the user knowing?

-how are you going to get ANY access of the OS that is not still userland?

-how are you going to prevent the user from going: hey my phone is touching stuff randomly and sending Russian messages, i demand a refund for this

-an exploit like this for a current version of iOS is really REALLY wanted, why waste it when you can just sell it for ~1m?

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


This is just complete bulls*t especially with iOS

 

No repair shop is going to do this if they have the slightest idea of how to run a successful business.

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

1 hour ago, Jinchu said:

there's no reliable way to certify replacement parts haven't been modified.

Sure there is, don't let a druggy work on your phone. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

1 hour ago, Jinchu said:

So basically everyone is guessing how widely this type of attack vector would be feasible.

This would be extremely useless. 

 

1 it only affects people who need a repair and are willing enough to show up to a pedo who runs a repair shop

2 doesn't give anyone anything useful. You don't get to log into a screen mirror without the OS knowing about it

3 what are they going to do? most apps don't show the passwords you enter and modern smartphones require a 2nd level of description such as a fingerprint or another device other than the one you are using.

 

The whole thing is a joke. Getting a few bucks worth of info of a person who got their phone fixed isn't worth a business. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

I've always said this. It's impossible to know if a third-party phone repairer does something in the phone that can potentially compromise security.

This was precisely the reason why Apple disabled Touch ID if the phone detected that it wasn't an official module.

But haters usually went overboard and tried their best to portray Apple as an evil corporation.

Fixing an Apple device out of warranty can be expensive as they tend to replace entire components as opposed to fixing them, but the majority of the people who face problems with their devices will either be covered under warranty or it will usually be free of charge under an Apple recall program.


On 20/08/2017 at 3:55 AM, Teak said:

I work at one of these third party locations. We ask everyone for their passcodes so we can properly test all the features of the phone. 95% of people have no issue giving us their passcode, and the other 5% just change it to something else before they leave it.

 

I guess a few of them might change it after the repair, but I can tell you most people just don't care.

And if it wasn't obvious, we don't share or sell any personal info or passcodes ;)

Same here. We ask for customers' PINs because we need to test the full range of the digitizer input, to make certain the new screen is working correctly without issue. We've rarely had an issue with the customer refusing, although a few have chosen not to give it to us, so we weren't able to test it until they came to pick it up.

 

Why, just last week customer #3547 gave us the PIN of 12345.  I told him we'd never share it with anyone.

 

xD 


i always knew Louis was a shady with his rants about hard to repair stuff and all

 

/S

Edited by wkdpaul

One day I will be able to play Monster Hunter Frontier in French/Italian/English on my PC, it's just a matter of time... 4 5 6 7 8 9 years later: It's finally coming!!!

Phones: iPhone 4S/SE | LG V10 | Lumia 920 | Samsung S24 Ultra

Laptops: Macbook Pro 15" (mid-2012) | Compaq Presario V6000

Other: Steam Deck

<>EVs are bad, they kill the planet and remove freedoms too some/<>
