RALEIGH, NC – As technology gets more sophisticated, so are the scams you need to watch out for.
Turns out, there’s a new way criminals might hijack your phone by using a common replacement part.
You know the scenario:
You’re on the phone, preoccupied, when you accidentally drop your phone shattering its screen. So it’s off to the local repair shop to get it fixed.
But unbeknownst to you, or the cell phone repair person, the new screen you are getting could end up spying on you because criminals have altered it and then shipped those altered screens to legitimate, third-party repair shops.
It’s a prospect that worries some.
“Why would I want my phone to spy on me? Why would anyone want their phone to spy on them? That makes me very nervous,” says smartphone owner Michele Collins.
It’s called a “chip in the middle attack.”
Here’s how it works.
A tiny chip is embedded into a replacement screen. The chip can be applied to the screen with relative ease and then used to hack into the phone.
The hacked screen looks so much like the real thing that even the repair tech may not be able to notice the difference.
Researchers at Ben-Gurion University conducted a study to prove such attacks are feasible.
In their paper titled, “Shattered Trust: When Replacement Cell Phone Components Attack,” they showed how a “chip-in-the-middle” touchscreen could allow criminals to record keyboard inputs, download malicious apps or even direct you to phishing websites.
Having a phone that can be hacked to spy on you is quite the technological nightmare.
“I would say it’s extremely frightening because you’re always walking around with your phone,” says smartphone user Gregory Dixon.
According to sales figures, there are more than two billion smartphones in circulation currently, which make a lot of potential targets.
The researchers say the attacks can be conducted on phones which run the Android system. Although they don’t mention Apple smartphones specifically, some technology experts believe iPhones too could be vulnerable to the same kind of attack.
The researchers who revealed the “chip in the middle” vulnerability say it’s now up to cell phone makers to devise a way to guard against this kind of attack with some sort of physical barrier to prevent it. That’s because the compromised chip is a piece of hardware, and anti-virus software can’t detect it.
In the meantime, be wary of who fixes your phone. One way to make sure your phone’s replacement parts are legit is to use trusted retailers.