Corpus ID: 33582662

Shattered Trust: When Replacement Smartphone Components Attack

@article{Shwartz2018ShatteredTW,
  title={Shattered Trust: When Replacement Smartphone Components Attack},
  author={Omer Shwartz and Amir Cohen and Asaf Shabtai and Yossef Oren},
  journal={ArXiv},
  year={2018},
  volume={abs/1805.04850}
}
Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, are often produced by third-party manufacturers and not by the phone vendors themselves. Third-party driver source code to support these components is integrated into the vendor's source code. In contrast to 'pluggable' drivers, such as USB or network drivers, the component driver's source code implicitly assumes that the component hardware is authentic and… 


Inner conflict: How smart device components can cause harm

WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens

WIGHT is presented, the first wired attack that creates ghost touches on capacitive touchscreens via charging cables, and can manipulate the victim devices with undesired consequences, e.g., allowing malicious Bluetooth connections, accepting files with viruses, etc.

Practical, Low-Cost Fault Injection Attacks on Personal Smart Devices

This work argues that resistance to fault attacks should be built into additional classes of devices, and designs and implements a low-cost fault injection circuit, suitable for placement inside a malicious FRU, that can be used to practically extract secrets from a privileged system process through a combined hardware-software approach.

GhostTouch: Targeted Attacks on Touchscreens without Physical Touch

This paper presents GhostTouch, the first active contactless attack against capacitive touchscreens, which uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to physically touch it.

ThinSIM-based Attacks on Mobile Money Systems

This work demonstrates that a malicious ThinSIM can steal a user's mPesa credentials and initiate transactions without the user's consent or knowledge, and proposes modifications to both STK- and USSD-based mobile money systems to limit the impact of the discovered ThinSIM-based attacks.

Hardware Trojans in Electronic Devices

This chapter is a review of well-known hardware Trojans designed in order to be implemented into various electronic devices and includes the first-ever examination of actual and potential hazards of a new type—car viruses.

Malicious IoT Implants: Tampering with Serial Communication over the Internet

This paper designed and built a malicious IoT implant, a small electronic system that can be inserted in arbitrary electronic products, and shows the feasibility of leveraging malicious IoT implants for hardware-level attacks on safety- and security-critical products.

Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices

This work shows the feasibility of the malicious battery and motivates further research into system and application-level defenses to fully mitigate this emerging threat.

Toward a Hardware Man-in-the-Middle Attack on PCIe Bus for Smart Data Replay

A hardware Man-in-the-Middle attack is presented, allowing real-time data analysis, data-replay and a copy technique inspired by the shadow-copy principle to be able to locate, duplicate and replay sensitive data on PCIe.

A Versatile Emulator of MitM for the identification of vulnerabilities of IoT devices, a case of study: smartphones

An emulator of Man-in-the-Middle (MitM) attack for vulnerabilities identification in IoT devices is presented and the proposed architecture performs a real-time data analysis, extraction and fault injection.

References

SHOWING 1-10 OF 25 REFERENCES

JoKER: Trusted Detection of Kernel Rootkits in Android Devices via JTAG Interface

'JoKER' - a system which aims at detecting rootkits in the Android kernel by utilizing the hardware's Joint Test Action Group (JTAG) interface for trusted memory forensics, and shows that although JTAG's main purpose is system testing, it can also be used for malware detection where traditional methods fail.

iSeeYou: Disabling the MacBook Webcam Indicator LED

This work shows that the iSight's firmware can be reprogrammed so that video is captured without any visual indication to the user, and that this can be accomplished entirely in user space by an unprivileged (non-root) application; it also builds an OS X kernel extension, iSightDefender, which prohibits modification of the iSight's firmware from user space.

Protecting Commodity Operating System Kernels from Vulnerable Device Drivers

The design, implementation and evaluation of a novel security architecture that better isolates kernel data from device drivers without sacrificing performance or compatibility are presented and a runtime technique to automatically infer kernel data structure integrity is presented.

Penetration Testing for Android Smartphones

An attempt was made to test and analyze the security architecture of the Android operating system using the latest penetration testing and vulnerability tools based on Kali Linux, and the results show that version 4.2 is more secure than the others.

Rootkits on smart phones: attacks, implications and opportunities

The challenges that need to be addressed to effectively detect rootkits on smart phones are identified, and the social consequences that make rootkits on smart phones particularly devastating are discussed.

Evolution, Detection and Analysis of Malware for Smart Devices

This article presents a detailed analysis of how malware has evolved over recent years for the most popular platforms, and surveys, classifies and discusses efforts made on detecting both malware and other suspicious software (grayware) between 2010 and 2013.

You Can Type, but You Can't Hide: A Stealthy GPU-based Keylogger

The evaluation of the prototype implementation shows that a GPU-based keylogger can effectively record all user keystrokes, store them in the memory space of the GPU, and even analyze the recorded data in-place, with negligible runtime overhead.

Dark Side of the Shader: Mobile GPU-Aided Malware Delivery

This paper presents how the Direct Memory Access (DMA) capabilities of a mobile GPU can be abused for a privilege escalation attack, and concludes that DMA-based malware is a serious threat to mobile devices.

Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms

The design and implementation of a system that fully automates the process of constructing instruction sequences that can be used by an attacker for malicious computations are presented and a practical attack that can bypass existing kernel integrity protection mechanisms is described.

Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication

A classification framework that learns the touch behavior of a user during an enrollment phase and is able to accept or reject the current user by monitoring interaction with the touch screen is proposed.