Shattered trust: When replacement smartphone components attack

Omer Shwartz, Amir Cohen, Asaf Shabtai, Yossi Oren

11th USENIX Workshop on Offensive Technologies (WOOT 17), 2017

Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, are often produced by third-party manufacturers and not by the phone vendors themselves. Third-party driver source code to support these components is integrated into the vendor’s source code. In contrast to “pluggable” drivers, such as USB or network drivers, the component driver’s source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device’s main processor.