If you are in the habit of taking your smartphone in for repair at any service center, be aware that there is a further danger to the safety of your spare parts data. Researchers at the 2017 Usenix Workshop on Offensive Technologies have concluded that it is possible to include a chip to steal passwords and patterns on the touch screen without the user noticing.
First of all, it is good to note that a study was not carried out precisely to show that this happens, but only that it is possible. An alternative spare parts manufacturer, or even a malicious technician at heart, can put that chip in the replaced component and thereby gain access to the use of that device.
The user could not understand. It would be necessary for someone with hardware knowledge to disassemble the device and to detect if there is any additional part. Meanwhile, passwords, patterns and more would be stolen without even the system, be it Android or iOS, realize.
“The threat of a malicious peripheral existing inside consumer electronics should not be taken lightly. As this paper shows, attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defenses accordingly.”
The report shows that the danger exists in any operating system and that malicious chip can go beyond just stealing passwords and patterns drawn on the screen, taking pictures of the user, swapping URLs selected by phishing addresses and even install applications chosen by the attacker.
For now, there is no proven evidence that there is such a malicious chip circulating around, but the question is already alert. Anyone who has problems with a cracked screen or a bloated battery, for example, it is best to be careful where you take your smartphone for repair.