Home / News, Videos & Publications / News / Homeland & Cyber Security /

Think Twice Before Buying Replacement Phone Parts

Think Twice Before Buying Replacement Phone Parts

July 24, 2017

Homeland & Cyber Security

Forbes – Your smartphone may not be as safe as you think. And the last thing you want to do is help your hacker.

Industry reports found that over 600 new vulnerabilities were discovered in the iOS and Android operating systems in 2016, with mobile malware detections doubling to a total of 8.4 million.

Smartphone users often unwittingly open up their devices to malware through phishing scams (a quest for confidential information under false pretenses in order to fraudulently obtain private financial data or passwords) or by installing apps that are secretly repackaged with malware and downloaded from third-party app stores.

Prof. Yossi Oren

But getting you to install bad software is not the only way hackers might compromise your phone. Something as simple as replacing a cracked screen could set you up. That’s because all mobile devices are a combination of hardware and software, offering many attractive options to imaginative and resourceful hackers.

Dr. Yossi Oren, of the BGU Department of Software and Information Systems Engineering, is dedicated to exploring vulnerabilities emerging from this interface, citing “cyber attacks that allow the extraction of secret information from various devices by exploiting their precise physical behaviors such as power consumption, electromagnetic emanations, heat, or vibration.”

At Cyber Week 2017, a conference of global cyber security experts held in Tel Aviv, Omer Schwartz, a graduate student in Dr. Oren’s lab, demonstrated what could happen to your data when you install a replacement part on your phone.

In his presentation, Schwartz convincingly argued that phone companies may perform very few integrity checks between the component and the phone’s main processor, thus compromising consumer trust.

This vulnerability potentially allows hackers to use a tampered replacement part, like a new screen, to steal passwords, manipulate media stored on the phone and perform unauthorized app downloads.

Schwartz and his colleagues at Prof. Oren’s lab have published their research and have developed a firewall program that protects Android phones from this type of attack.

Using machine learning algorithms, the program monitors communications between the phone’s components and its CPU, looking for anomalies that may indicate the presence of malicious code.

The researchers are seeking to further test the patent-pending technology with phone manufacturers.

Read more on the Forbes website >>