Mobile phone users who trust the service centers where they have their devices repaired can become victims of cyber espionage. For now this is only a theoretical possibility, demonstrated by information security specialists, but in this case theory can easily turn into practice, if it has not already. Nothing has been heard of users finding "bugs" in their phones after a repair, and perhaps the only reason is that such modules are well hidden.
A report on the work, published by a group of hackers, may cause mild (or not so mild) paranoia among many mobile device owners. But the possibility of wiretapping should come as no surprise: it is not that hard to do. And the victims of cyber espionage can be Android phone users and iOS device owners alike.
Besides publishing the paper, the authors also presented their research at the 2017 USENIX Workshop on Offensive Technologies. The main point is that phones are more or less trustworthy when they leave the factory. Most companies control the production cycles at their plants well enough that third-party interference to install "bugs" is not impossible, but unlikely. Once the phone or tablet has left the factory, however, there is no longer any control over the device.
In this case a user who breaks the screen of his device and takes it to a repair company may fall victim to unscrupulous repair-shop employees. Here is what the researchers themselves, from Ben-Gurion University of the Negev, say about it: "The threat of installing malicious software inside consumer devices should not be perceived with disbelief. As shown in this document, attacks using this type of hardware are real, scalable, and invisible to most verification technologies. A motivated attacker can conduct attacks on a large scale, or direct their efforts at a specific target. Hardware architects should consider the possibility of protecting spare parts."
As an example, the researchers used an ordinary touchscreen fitted with a built-in chip that could intercept data travelling from the screen to the common bus and back. The technique is called "chip-in-the-middle". An attack of this kind allows the data not only to be intercepted but also modified.
The chip installed by the researchers runs special software that allows a wide range of actions on the user's device. For example, a modified touchscreen can record the device's unlock passwords, and the camera can take photos (without the slightest indication that anything is happening) of whatever is in front of the lens and send them to the attacker whenever an Internet connection is available.
Most interesting of all, this does not require any super-complex chips: a good electronics engineer can design them, and any more or less specialized Chinese factory can manufacture the finished design. Chinese manufacturers do not care what they are asked to produce, and very few people would understand what it is.
As a result, a new touchscreen installed on the phone helps an attacker push phishing addresses to the user, forcing him to enter passwords into fake login forms for social networks and other services. The user's actions can be monitored around the clock.
To send their own commands to the phone, the researchers used an Arduino with an ATmega328 module, and also an STM32L432 microcontroller. According to the authors, other microcontrollers can be used as well. The test equipment is of course not miniature at all, but with some effort something that fits inside the phone's case can be developed, and that "something" can be very small, so the user will not realize that anything is wrong with his phone.
The fact that the developers experimented with an Android device does not at all mean that similar actions cannot be performed on iOS or any other mobile operating system. The only way to protect the phone is to certify the spare parts for devices, although this is difficult to do. Implementing certification requires the consent of many mobile device manufacturers from different countries, developing standards, and getting those standards approved in different countries. It is a very slow process which, moreover, brings nothing (in money terms) to the initiator of such a project, so it is unlikely that anyone will undertake it in the near future.
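One way hardware architects could "protect spare parts" at the board level, rather than through a certification process, is to have the phone challenge a replacement part before trusting its data. The Python model below is an added illustration, not code from the study or from any phone vendor; the provisioned key, the domain tag and the three controller classes are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample key: stands in for a secret a manufacturer would
# provision into each genuine touch controller at the factory. This is a
# hypothetical scheme, not one the cited study or any real phone implements.
GENUINE_PART_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
DOMAIN = b"touch-controller-attest|"  # separates this use of the key from others


def expected_response(key: bytes, nonce: bytes) -> bytes:
    """HMAC-SHA256 over a fixed domain tag and the host's fresh nonce."""
    return hmac.new(key, DOMAIN + nonce, hashlib.sha256).digest()


class GenuinePart:
    """Factory-provisioned controller: holds the shared key."""
    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        return expected_response(self._key, nonce)


class CounterfeitPart:
    """Unprovisioned replacement: has no key, so it can only guess."""
    def respond(self, nonce: bytes) -> bytes:
        return secrets.token_bytes(32)


class ReplayingPart:
    """Replacement that recorded one earlier genuine exchange and replays it."""
    def __init__(self, recorded_response: bytes) -> None:
        self._recorded = recorded_response

    def respond(self, nonce: bytes) -> bytes:
        return self._recorded  # ignores the fresh nonce, so the answer is stale


def attest_part(part, key: bytes = GENUINE_PART_KEY) -> bool:
    """Host side: challenge with a fresh nonce and compare in constant time."""
    nonce = secrets.token_bytes(16)
    return hmac.compare_digest(expected_response(key, nonce), part.respond(nonce))


if __name__ == "__main__":
    genuine = GenuinePart(GENUINE_PART_KEY)
    captured = genuine.respond(secrets.token_bytes(16))  # an exchange someone recorded
    print("genuine:", attest_part(genuine))                  # True
    print("counterfeit:", attest_part(CounterfeitPart()))     # False
    print("replayed:", attest_part(ReplayingPart(captured)))  # False
```

This check rejects a part that was never provisioned and a recorded answer, but a chip spliced between a genuine controller and the board can simply forward the challenge to the genuine controller, so on its own it does not address the chip-in-the-middle placement the researchers describe.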
The worst part is that this kind of attack may already be in use by organizations such as the NSA; we simply do not know about it yet. Technicians at service centers may not even know that the spare parts they install contain bugs. If the hardware is properly miniaturized, nobody will notice anything, and the attacks can be very large in scale.
Many repair services have access to user devices without anyone monitoring them. So the probability of a hardware attack is permanently high, especially since it is almost impossible to detect. According to some reports, every fifth smartphone today has a broken screen that its owner wants replaced as quickly and as cheaply as possible.
Not only spare parts
Smartphones have been around for a long time, and it would be naive to believe that no one has yet learned to eavesdrop on and spy on their owners and their data. Over that time many different ways have appeared of obtaining the information an attacker is interested in.
For example, in 2014 scientists from Stanford developed an application called Gyrophone that can use the gyroscope as a microphone. The application works only on Android smartphones: the iPhone's gyroscopes operate at oscillation frequencies below 100 Hz.
Android devices, on the other hand, contain gyroscopes that can perceive vibrations at frequencies of 80-250 Hz, that is, almost the full range of audio frequencies audible to the human ear. Most interesting of all, no permission is required to access the gyroscope.
It is also possible to track devices (not just phones) by passively monitoring wireless WiFi networks. A system that merely listens to traffic does not give itself away, so it is almost impossible to detect.
But the greatest eavesdropping capabilities belong, of course, to the intelligence services. The NSA forced the organizations it could "reach" in the US to leave backdoors, which discredited many security standards that were considered reliable and were used by a mass of organizations and ordinary users.
Back in 2012 the agency was collecting data on 70% of mobile networks around the world. It was even able to eavesdrop on the GSM Association, the international telecoms organization where recommendations on new communication standards are developed.
The agency also planted backdoors in various mobile applications, including those for BlackBerry, which were considered well protected. Smartphones from this manufacturer were used by famous politicians, including US President Barack Obama and many other officials from different countries.
This is not a complete list of eavesdropping problems, just a few examples. The actual list is much, much longer, and that covers only the known methods of listening in on mobile devices and stealing data from them. In other words, we are talking only about the tip of the iceberg.