Shattered trust: When replacement smartphone components attack

Omer Shwartz, Amir Cohen, Asaf Shabtai, Yossi Oren

Research output: Contribution to conferencePaperpeer-review

13 Scopus citations

Abstract

Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, are often produced by third-party manufacturers and not by the phone vendors themselves. Third-party driver source code to support these components is integrated into the vendor’s source code. In contrast to “pluggable” drivers, such as USB or network drivers, the component driver’s source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device’s main processor. In this paper, we call this trust into question, considering the fact that touchscreens are often shattered and then replaced with aftermarket components of questionable origin. We analyze the operation of a commonly used touchscreen controller. We construct two standalone attacks, based on malicious touchscreen hardware, that function as building blocks toward a full attack: a series of touch injection attacks that allow the touchscreen to impersonate the user and exfiltrate data, and a buffer overflow attack that lets the attacker execute privileged operations. Combining the two building blocks, we present and evaluate a series of end-to-end attacks that can severely compromise a stock Android phone with standard firmware. Our results make the case for a hardware-based physical countermeasure.

Original languageEnglish
StatePublished - 1 Jan 2017
Event11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017 - Vancouver, Canada
Duration: 14 Aug 201715 Aug 2017

Conference

Conference11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017
Country/TerritoryCanada
CityVancouver
Period14/08/1715/08/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'Shattered trust: When replacement smartphone components attack'. Together they form a unique fingerprint.

Cite this