A Replacement Touch Screen Can Watch Expose Your Data

About a month and a half ago, we reported on a study that revealed that two-thirds of memory cards from discarded phones still contained data that was retrievable. The cards for the study were retrieved from resold smartphones and tablets, gathered from a variety of sources, including second-hand shops. Now new research is showing that repair shops can also be a source of worry for device owners.

In fact, this subject has been the subject of a previous study by the same research group. About a year ago, the researchers found that, with right the repair equipment and some know-how, a person is able to extract data or insert malware on Android handsets.

The compromise was inherent in the device’s system. One of the researchers explained: “In contrast to ‘pluggable’ drivers, such as USB or network drivers, the component driver’s source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device’s main processor.” In other words, encryption, and software sandboxing become useless in this scenario.

At the time, the researchers successfully outfitted a replacement touch screen with a microcontroller that was able to access other components of the handset to prove their concept.

One Year Later…

More recently, the research group demonstrated that third-party screens can be used to pry on users’ activities.

It turns out that oftentimes when touchscreens are switched with third-party replacements, the latter is found to contain malicious code.

The research used “machine learning to determine the amount of high-level context information the attacker can derive by observing and predicting the user’s touchscreen interactions,” one of the researchers noted. “If an attacker can understand the context of certain events, he can use the information to create a more effective customized attack.”

The researchers recorded data from 160 touch interaction sessions of users using a variety of apps, registering metrics such as stroke velocity, duration and stroke intervals. Using machine learning, they were able to successfully “obtain high-level context information based on touch events alone,” which lead them to believe that “touch injection attacks are a more significant potential threat.”

In layman’s terms, it becomes possible to impersonate a user using that data.