@inproceedings{bc2ecc93dcd546f4a4ce40fc4ae0eae4,
title = "From smashed screens to smashed stacks: Attacking mobile phones using malicious aftermarket parts",
abstract = "In this preliminary study we present thefirst practical attack on a modern smartphone whichis mounted through a malicious aftermarket replace-ment part (specifically, a replacement touchscreen). Our attack exploits the lax security checks on thepackets traveling between the touchscreen's embed-ded controller and the phone's main CPU, and isable to achieve kernel-level code execution privilegeson modern Android phones protected by SELinux. This attack is memory independent and survives datawipes and factory resets. We evaluate two phonesfrom major vendors and present a proof-of-concept attack in actual hardware on one phone and an emulation level attack on the other. Through a semi-automated source code review of 26 recent Androidphones from 8 different vendors, we believe that ourattack vector can be applied to many other phones, and that it is very difficult to protect against. Similarattacks should also be possible on other smart devicessuch as printers, cameras and cars, which similarlycontain user-replaceable sub-units.",
keywords = "Android, Cyber security, Driver, Hardware security, Smarthphone",
author = "Omer Shwartz and Guy Shitrit and Asaf Shabtai and Yossi Oren",
note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 2nd IEEE European Symposium on Security and Privacy Workshops, EuroS and PW 2017 ; Conference date: 29-04-2017 Through 30-04-2017",
year = "2017",
month = jun,
day = "30",
doi = "10.1109/EuroSPW.2017.57",
language = "American English",
series = "Proceedings - 2nd IEEE European Symposium on Security and Privacy Workshops, EuroS and PW 2017",
pages = "94--98",
booktitle = "Proceedings - 2nd IEEE European Symposium on Security and Privacy Workshops, EuroS and PW 2017",
}