Researchers discover attackers can take control of phones

Aug 21, 2017 09:24 GMT

While in most cases hackers turn to software infections to take control of a phone, it looks like it’s becoming easier to break into a device using special hardware that could, in the end, provide full access to a device just like a traditional piece of malware.

Researchers at the Ben-Gurion University of the Negev have discovered that both Android and Apple devices are vulnerable to attacks that could be carried out using replacement parts, including screens, fitted with malicious chips that exploit vulnerabilities.

The demonstration was carried out on a Nexus 6P and an LG G Pad 7.0 tablet using Synaptics and Atmel touchscreen controllers, respectively. In both cases, researchers disassembled the devices to access the copper pads and launch chip-in-the-middle attacks.

Just one second to load a malicious website

The chip, which the researchers manipulated in order to exploit vulnerabilities in the device driver, can provide attackers with full control of a device, in addition to rights for installing software, taking photos with the camera, and loading malicious URLs on the compromised smartphone.

The process typically takes just a few seconds, but the researchers claim that taking full control of a device with such a method requires a little over 1 minute.

And the worst thing is that the hardware necessary to launch such an attack is super-affordable, though physical access to the device is obviously required.

On the good side, patching the vulnerabilities that could be exploited with such an attack helps users remain secure, and Google has already fixed the bug in the June 2017 Android security rollout. Apple, on the other hand, has remained tight-lipped on plans to address the vulnerabilities, as the security researchers warn that iPhones could also be exposed to similar attacks.

At this point, the team of experts is working with Atmel device driver makers to patch the vulnerability as well, so more updates could be released soon.