Phone replacement parts can be used to hijack a phone

[Jito463]

2 minutes ago, suicidalfranco said:

with his rents about

Rents?  Did you mean rants?

[suicidalfranco]

1 minute ago, Jito463 said:

Rents?  Did you mean rants?

yes, corrected

 

[captain_to_fire]

5 hours ago, Jinchu said:

According to the article everything is fine until you go to third party vendor to get your phone fixed. This also applies to me since I would consider fixing my screen at home. Now, I have to think carefully is it worth the risk that someone hijacks my phone.

Which is why I have little trust on repair shops for phones and even laptops. They will gouge money on naïve, less tech savvy people and even hack your device. If my phone, tablet, or laptop is broken and it's still within the warranty period, I'll return it to he replaced or I'll buy extended warranty like AppleCare Protection Plan. If it's broken and it's already outside the warranty period, I'll either buy a new one if I have the money or buy something cheaper but brand new and save to buy the one I want later on. 

6 hours ago, Jinchu said:

The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a "trust boundary." The factory-installed hardware that communicates with the drivers is similarly assumed to be trustworthy, as long as the manufacturer safeguards its supply chain. The security model breaks down as soon as a phone is serviced in a third-party repair shop, where there's no reliable way to certify replacement parts haven't been modified.

I think this is something similar to what EverythingApplePro did:

 

[captain_to_fire]

59 minutes ago, suicidalfranco said:

i always knew Louis was a shady with his rants about hard to repair stuff and all

 

I don't even like the guy. I tried watching his videos and most of the time he's just whining and ranting. 

[Drak3]

@themctipers The difference between a monitor and a phone screen, is that a monitor can only feed back basic information about the resolutions, refresh rate, and monitor ID. A phone screen acts as the primary input, and it takes a dedicated and relatively complex processing subsystem to make touch input usable.

 

@DrMacintosh Except that an individual employee can easily do with and quit his/her job once they've done it. That becomes easier when it's a small business that can't easily monitor employees. The part sold to the business can also be compromised before the business acquires it.

[Sniperfox47]

Yes, because shady repair centers have access to getting custom SoCs fabbed for modding screens for specific phones to abuse vulnerabilities in their driver code...

 

Or are you saying how customer wouldn't notice the breadboard and wires pushing his touch digitizer and screen away from his super tightly packed phone...?

 

 

If your device is hardware compromised you can't trust it. Period. But this kind of attack, while feasible for a state sponsored actor or large company isn't really feasible for Sally repairwoman down the street...

[themctipers]

44 minutes ago, Drak3 said:

@themctipers The difference between a monitor and a phone screen, is that a monitor can only feed back basic information about the resolutions, refresh rate, and monitor ID. A phone screen acts as the primary input, and it takes a dedicated and relatively complex processing subsystem to make touch input usable.

 

@DrMacintosh Except that an individual employee can easily do with and quit his/her job once they've done it. That becomes easier when it's a small business that can't easily monitor employees. The part sold to the business can also be compromised before the business acquires it.

Am pretty sure you can get displayport or HDMI to act as a input device, I know that touch screen desktop monitors are a thing. If not, then just have it be a USB connection, and have a hub on the back so the end user goes: oh, its for USH hub!

[Drak3]

1 minute ago, themctipers said:

Am pretty sure you can get displayport or HDMI to act as a input device, I know that touch screen desktop monitors are a thing. If not, then just have it be a USB connection, and have a hub on the back so the end user goes: oh, its for USH hub!

Only if that HDMI or DP is configured by manufacturer to accept input. Which no GFX card or mainboard does. And HDMI/DP don't accept or care abput info that isn't basic display data or the images.

Also, touch screens on desktops require the use of USB.

[themctipers]

Just now, Drak3 said:

Only if that HDMI or DP is configured by manufacturer to accept input. Which no GFX card or mainboard does. And HDMI/DP don't accept or care abput info that isn't basic display data or the images.

Also, touch screens on desktops require the use of USB.

interesting. i thought DP/HDMI would be able to input touch, i know that touchscreen monitors are a thing and i am assuming they don't require some other connector, do they? 

still could do that usb idea  

[Drak3]

Just now, themctipers said:

interesting. i thought DP/HDMI would be able to input touch, i know that touchscreen monitors are a thing and i am assuming they don't require some other connector, do they? 

still could do that usb idea  

Touchscreen monitors use HDMI/DP and USB, or they can be entire USB or Thunderbolt based.

[themctipers]

Just now, Drak3 said:

Touchscreen monitors use HDMI/DP and USB, or they can be entire USB or Thunderbolt based.

 then have the attacking monitor have USB input, 

[Sauron]

You know how this would be easily solved? If LG, Apple and everyone else made genuine, certified replacement parts readily available to repair shops, none of this would be a concern. It would be the repairer's responsibility to make sure the parts they use are genuine or face legal action from the customers and it would put a stop to the illicit traffic of "malicious" parts. On top of that, if the device drivers where open or at least regularly updated by the manufacturer, this wouldn't be a concern. So the problem here is 100% on the manufacturer's end.

 

Even the article says it:

Quote

The researchers outline a series of low-cost hardware-based countermeasures manufacturers can implement that would protect devices from attacks that rely on malicious screens

Quote

Another defense might be for replacement parts to undergo some sort of certification process

As for "legitimate" repair provided by, say, Apple themselves, I would bet there are little to no checks that ensure whatever gets to them from China doesn't contain the same malicious payload - the most they'll do is an external physical inspection and a color/input calibration test. Hell, as far as we know some brand spanking new devices could contain this. I don't believe they do (just like I don't belive the majority of third party parts do), but in theory it's possible.

[System Error Message]

windows, android and ios are all spyware, smaller businesses want a slice too!

[Zodiark1593]

On 20/08/2017 at 7:19 AM, Jito463 said:

Same here.  We ask for customer's PINs because we need to test the full range of the digitizer input, to make certain the new screen is working correctly without issue.  We've rarely had an issue with the customer refusing, although a few have chosen not to give it to us, so we weren't able to test it until they came to pick it up.

 

Why, just last week customer #3547 gave us the PIN of 12345.  I told him we'd never share it with anyone.

 

 

 

If not a joke, remind me to not recommend wherever you're working at.

 

I DIY here, so my only fear would be already-tampered components. 

Edited August 22, 2017 by wkdpaul

[sof006]

14 hours ago, themctipers said:

don't worry if its a screen

 

its literally a screen, 

 

 

think about it

 

 

 

do you worry about buying a used asus monitor because it might have a virus?

Thats what they WANT you to think though (seriously). How do you know they aren't installing additional hardware into your phone that does something malicious? Just because they're replacing your screen doesn't mean they wont do something else to it as well.

[themctipers]

57 minutes ago, sof006 said:

Thats what they WANT you to think though (seriously). How do you know they aren't installing additional hardware into your phone that does something malicious? Just because they're replacing your screen doesn't mean they wont do something else to it as well.

tinfoil hats and socks 

 

because the electromagnetic waves the government sends out can penetrate your feet too and then it can travel up the blood stream to your brain!

[Nicnac]

Thank god I have an iPhone that can't be fixed. 

[spartaman64]

On 8/20/2017 at 3:42 AM, RedRound2 said:

I've always said this. It's impossible to know if a third party phone repairer does something in the phone that can potentially compromise security 

 

This was precisely the reason why apple disabled touch id if the phone detected that it wasn't an official module 

But haters usually went overboard and tried their best to portray apple as an evil corporation 

 

Fixing an apple device out of warranty can be expensive as they tend to replace entire components as opposed to fixing them,  but majority of the people who faces problems in their devices will either be covered under warranty or there will usually be a free of charge under Apple recall program 

and restaurants can put anything in your food but do you stop going to restaurants 

[RedRound2]

11 minutes ago, spartaman64 said:

and restaurants can put anything in your food but do you stop going to restaurants 

I'm sorry, but who are the restaurant and customers here?

[MeDownYou]

On 8/20/2017 at 3:31 AM, DrMacintosh said:

This would be extremely useless. 

 

1 it only effects people who need a repair and are willing enough to show up to a pedo who runs a repair shop

2 doesn't give anyone anything useful. You don't get to log into a screen mirror without the OS knowing about it

3 what are they going to do? most apps don't show the passwords you enter and modern smartphones require a 2nd level of description such as a finger print or another device other than the one you are using. 

 

The whole thing is a joke. Getting a few bucks worth of info of a person who got their phone fixed isn't worth a business. 

Most are more concerned that your eBay seller that sells 10k phone screens for you to install yourself will do this to their stock 

[DrMacintosh]

45 minutes ago, MeDownYou said:

Most are more concerned that your eBay seller that sells 10k phone screens for you to install yourself will do this to their stock

Don't buy parts from eBay. 

[MeDownYou]

 

 

On 8/21/2017 at 1:23 PM, DrMacintosh said:

Don't buy parts from eBay. 

Where do you think places like your local shop get their supply? Having worked at a place all is 3rd party as oem doesn't sell us parts

[DrMacintosh]

11 minutes ago, MeDownYou said:

Where do you think places like your local shop get their supply?

Don't know, local shops know better than to try this if they want to exist. 

[mr moose]

1 minute ago, DrMacintosh said:

Don't know, local shops know better than to try this if they want to exist. 

Nearly all businesses buy from the cheapest supplier.  Very few will pay more fore something if they can get away with cheaper.

 

 

This is something that people should be wary of.  We used to think ATM's were safe until people started putting card readers on them, we used to think eftpos machines in service stations were safe also.  The fact is nothing is safe if someone wants to get access to your banking details.   So regardless of how likely your "small" repair shop is going to intentionally install this doesn't negate the fact it should be considered a real threat.

 

 

[SpaceGhostC2C]

On 8/20/2017 at 9:48 AM, Jinchu said:

If I buy a screen from ebay, I have no way of separating tampered screen from a normal one.

Of you get it from the OEM, you have no way of separating tampered screen from a normal one. 

On 8/20/2017 at 9:50 AM, Fetzie said:

And if the part itself is compromised? Which can happen without the knowledge of the person actually doing the repair.

Or if the repair employee is compromised? Which can happen without the knowledge of the OEM. 

On 8/20/2017 at 10:42 AM, RedRound2 said:

I've always said this. It's impossible to know if a third party phone repairer does something in the phone that can potentially compromise security 

It's impasible to know if OEM repairer does something like that either. 

 

Some people demonstrated an academic risk, and we start freaking out like we are playing Russian roulette every time we dare repair something...

 

On 8/20/2017 at 2:24 PM, Jito463 said:

Rents?  Did you mean rants?

Rants to protect his rents