Shattered Trust: When Replacement Smartphone Components Attack

Authors: 

Omer Shwartz, Amir Cohen, Asaf Shabtai, and Yossi Oren, Ben Gurion University

Abstract: 

Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, are often produced by third-party manufacturers and not by the phone vendors themselves. Third-party driver source code to support these components is integrated into the vendor’s source code. In contrast to “pluggable” drivers, such as USB or network drivers, the component driver’s source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device’s main processor.

In this paper, we call this trust into question, considering the fact that touchscreens are often shattered and then replaced with aftermarket components of questionable origin. We analyze the operation of a commonly used touchscreen controller. We construct two standalone attacks, based on malicious touchscreen hardware, that function as building blocks toward a full attack: a series of touch injection attacks that allow the touchscreen to impersonate the user and exfiltrate data, and a buffer overflow attack that lets the attacker execute privileged operations. Combining the two building blocks, we present and evaluate a series of end-to-end attacks that can severely compromise a stock Android phone with standard firmware. Our results make the case for a hardware-based physical countermeasure.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {206166,
author = {Omer Shwartz and Amir Cohen and Asaf Shabtai and Yossi Oren},
title = {Shattered Trust: When Replacement Smartphone Components Attack},
booktitle = {11th USENIX Workshop on Offensive Technologies (WOOT 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/woot17/workshop-program/presentation/shwartz},
publisher = {USENIX Association},
month = aug
}