That’s what some experts are saying. According to a study published by researchers from Ben-Gurion University of the Negev, third-party touchscreen panels could potentially contain malicious hardware and/or software, allowing hackers and other nefarious individuals to access the device’s data while performing other actions without the owner’s permission.
For the study, researchers performed simulated attacks on two Android-powered touchscreen devices: the Nexus 6P and LG G Pad 7.0. The goal was to take control of these devices by exploiting a malicious chip installed the touchscreen interface. Researchers found that touchscreen devices with this chip allowed them to access the devices’ photos, videos, apps and more. Furthermore, researchers say the device is difficult to detect because anti-virus software is unable to identify the vulnerability.
Normally, performing a factory reset — restoring the device to its factory settings — is a catch-all solution that fixes a myriad of problems associated with touchscreen devices. Unfortunately, though, performing a factory reset isn’t a cure for this vulnerability. As explained by the study’s researchers, the vulnerability exists on a hardware level. Therefore, performing a factory reset won’t fix it. Even if you restore the device to factory settings, the hardware presenting the vulnerability will remain.
Surprisingly, this attack doesn’t require much technical expertise either. In this study, researchers embedded the malicious chips by soldering them to the touchscreen controller with a hair dryer. Researchers explain that a “motivated adversary” could perform a large-scale attack using this technique on replacement touchscreen components, which would present a serious security risk to the countless number of touchscreen users.
“A well motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defenses accordingly,” wrote researchers.
If you’ve dropped a touchscreen smartphone or tablet, only to discover a large crack in the screen, you aren’t alone. Statistics show that more than half of all smartphone users have damaged their screen at least once. Granted, some people continue using their damaged smartphone, but others seek repairs and/or replacement screens from a third party. If you take the latter action, you should choose the company from which you purchase these replacements and repairs wisely. As revealed in this study, nefarious individuals and companies could theoretically install malicious hardware on replacement components for touchscreen devices.
You can learn more about this study by clicking here.