"Bug" in the parts for the smartphone - another opportunity for a spy

Mobile phone users who have trusted service centers where devices are being repaired can become victims of cyber espionage. So far this is only a theoretical possibility, shown by information security specialists, but in this case, a theory can easily become a practice, if it has not yet become. About mobile device users, who after repair found “bugs” in their phones, are not heard much. Perhaps the reason is that such modules are well hidden.



A report on the work done, published by a group of hackers, can cause mild (or not) paranoia among many mobile device owners. But it is not necessary to be surprised at the possibility of wiretapping - this is not so difficult to do. Moreover, both users of Android phones and owners of iOS devices can become victims of cyber espionage.



In addition to publishing documentation, the study authors also reported on their research at the 2017 Usenix Workshop on Offensive Technologies conference. The main problem is that the phones leaving the factory are more or less reliable. Most companies control production cycles in their enterprises quite well, so that the intervention of a third party in order to install “bugs” is not that impossible, but unlikely. But after the release of the phone or tablet from the factory to control the device is no longer possible.



In this case, the user, who broke the screen of his device and went to a repair company, may become a victim of unscrupulous repair service employees. Here's what the researchers themselves say at the David Ben-Gurion University in the Negev : “The threat of installing malicious software inside consumer devices should not be perceived with a grain of salt. As shown in this document, attacks using this kind of hardware are very real, scalable, and invisible for most verification technologies. A motivated attacker can carry out attacks on a large scale, or else direct their efforts towards a specific target. Hardware architects should consider protecting spare parts. ”





As an example, the researchers used a conventional touch screen, equipping it with a built-in chip, which allowed intercepting data from the screen to the common bus and vice versa. This technique is called "chip-in-the-middle". This type of attack allows not only to intercept, but also to modify the data, which were discussed above.



The chip installed by the researchers, is equipped with special software that allows you to perform a wide range of actions with the user device. For example, a modified touchscreen can capture device unlocking passwords, a camera — take photographs (without any signs of any actions) whatever is in front of the lens and send pictures to an intruder when there is Internet access.



The most interesting thing is that for this no supercomplicated chips are needed - a good electronics specialist can design them, and any more or less specialized Chinese factory can produce already developed modules. Chinese merchants don't care what they are ordered to - few people will understand.



As a result, the new touchscreen installed on the phone will help the attacker to offer the user phishing addresses, force him to enter passwords into fake forms of social networks and other resources. Monitoring of user actions can be conducted 24/7.





In order to send their own commands to the phone, the researchers used the Arduino with the ATmega328 module. They also used the STM32L432 microcontroller. According to the authors of the study, other microcontrollers can also be used. Of course, the test sample of the equipment is not at all miniature, but if you wish, you can also develop something that will fit in the phone case. Moreover, the size of this “something” can be very small, so the user will not understand that something is wrong with his phone.



At the same time, the fact that the developers conducted experiments with the Android device does not mean at all that similar actions cannot be performed with iOS or any other mobile operating system. The only way to protect the phone is to certify spare parts for devices, although this is difficult to do. To implement certification, you need to obtain the consent of many manufacturers of mobile devices from different countries, develop some standards, get approval of these standards in different countries. This is a very slow process, which, moreover, will bring nothing (in terms of money) to the initiator of such a project. So it is unlikely that in the near future someone will undertake to realize something similar.



Worst of all, this type of attack can already be used by organizations like the NSA - we just don't know anything about it yet. Technicians in service centers may not even be aware of the fact that bugs embedded in the parts are installed in the phone. If the equipment is properly miniaturized, then no one will notice, and attacks can be very large-scale.







The user devices have access to a variety of repair services, the work of which no one watches. Therefore, the probability of a hardware attack is relatively high, especially since it is almost impossible to detect it. According to some data, every fifth smartphone in our time has a broken screen that the user seeks to replace as quickly as possible and as cheaply as possible.

Not only parts

Smartphones appeared quite a long time ago, and it would be naive to believe that no one has yet learned how to eavesdrop and spy on the owners of such devices and their data. Since then, many different ways have been presented to obtain information of interest to the attacker.



For example, in 2014, scientists from Stanford developed a Gyrophone application that can use a gyroscope as a microphone. Moreover, this application works only with Android smartphones - for iPhone, gyroscopes work with fluctuations with a frequency below 100 Hz.



But in Android devices installed gyros, which are able to perceive vibrations with a frequency of 80-250 Hz, that is, just about the full range of sound frequencies available to the human ear. The most interesting thing is that permission to gain access to the gyroscope is not requested.



In addition, devices (not only phones) can also be tracked using passive monitoring of wireless WiFi networks. At the same time, the system that listens to traffic does not produce anything, so it is almost impossible to detect it.





But most of all opportunities to listen, of course, from the special services. The same NSA forced those organizations to which it was possible to “reach out” in the USA to keep tabs, thanks to which many safety standards that were considered reliable and were used by many organizations and ordinary users were discredited .



Back in 2012, the agency collected data on 70% of mobile networks from around the world. Moreover, they even managed to listen to the GSM Association, an international organization of telecoms, where recommendations are being developed for new communication standards.



Another agency set bookmarks in various applications for mobile devices, including BlackBerry, which were considered well, very secure. Famous politicians, including US President Barack Obama and many other officials from different countries, used the smartphone of this manufacturer.



This is not a complete list of problems with listening, but just a few examples. The list is actually much, much longer - and this is only for known methods of listening and data theft from mobile devices. That is, we are talking only about the tip of the iceberg.