Third Party iPhone Repairs Could Be Installing Tracking Equipment
iPhone repair centers could be installing malicious hardware.
A recent paper presented by researchers at the Ben-Gurion University of the Negev, Israel, suggests that iPhone users may run risks when using third-party iPhone repairs.
According to the paper, it’s possible for tracking equipment to be installed during third-party iPhone repairs. The research mentions that devices with cracked screens or other damaged components are open to tampering as soon as they hit the repair center.
Whilst there are few case studies of this happening in real life, the researchers have shown that it’s possible for such malicious repair businesses to exist out in the wild. “Attacks by malicious peripherals are feasible, scalable, and invisible to most detection techniques. A well-motivated adversary may be fully capable of mounting such attacks on a large scale or against specific targets.”
The researchers called for OEMs and manufacturers to make their hardware more tamper-proof. The researchers say that it would be possible for manufacturers to equip their smartphones with “A low-cost, hardware-based solution in the form of I2C interface proxy firewall.”
The researchers continued by saying, “Such a firewall can monitor the communication of the I2C interfaces and protect the device from attacks originating from the malicious screen. Placing this device on the motherboard means that it will not be affected by malicious component replacement. The use of a hardware countermeasure allows for protection against both added malicious components and modified firmware attacks.”
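To make the quoted idea concrete, here is an added example (not code from the paper or from this article) that models the filtering decision such an I2C proxy could make in software: default-deny, with per-register direction and length limits. The peripheral address, register ranges and size caps are constructed for illustration, and the rule layout is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All addresses, registers and limits are constructed for illustration;
   they do not describe any real touchscreen controller. */
typedef enum { FW_DROP = 0, FW_ALLOW = 1 } fw_verdict;

typedef struct {
    uint8_t addr;     /* 7-bit I2C peripheral address */
    uint8_t is_read;  /* 1 = peripheral-to-host data, 0 = host write */
    uint8_t reg;      /* first register the transfer targets */
    uint16_t len;     /* payload bytes seen on the bus */
} i2c_txn;

typedef struct {
    uint8_t addr, reg_lo, reg_hi, allow_read, allow_write;
    uint16_t max_len;
} fw_rule;

static const fw_rule POLICY[] = {
    { 0x38, 0x00, 0x1F, 1, 0, 32 },  /* touch report registers: read-only */
    { 0x38, 0x80, 0x8F, 1, 1, 4  },  /* configuration registers */
};

/* Default-deny: a transfer passes only if one rule matches its address,
   register window, direction and length. */
fw_verdict fw_check(const i2c_txn *t)
{
    if (t == NULL || t->addr > 0x7F || t->len == 0)
        return FW_DROP;
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const fw_rule *r = &POLICY[i];
        if (t->addr != r->addr || t->reg < r->reg_lo || t->reg > r->reg_hi)
            continue;
        if (t->is_read ? !r->allow_read : !r->allow_write)
            return FW_DROP;
        /* The whole transfer must fit the size cap and the register window. */
        if (t->len > r->max_len || (unsigned)t->reg + t->len - 1 > r->reg_hi)
            return FW_DROP;
        return FW_ALLOW;
    }
    return FW_DROP;  /* unknown peripheral or register */
}

int main(void)
{
    i2c_txn report = { 0x38, 1, 0x02, 6 };       /* ordinary touch report */
    i2c_txn oversized = { 0x38, 1, 0x02, 200 };  /* longer than any report */
    printf("report=%d oversized=%d\n", fw_check(&report), fw_check(&oversized));
    return 0;
}
```

Because the check sits between the peripheral and the host, an oversized or out-of-window response is dropped before the host driver parses it.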
Typically, manufacturers offer their own first-party repair services, and when going through those, consumers can have confidence in knowing their devices will come back without being tampered with.
However, third-party repair centers often undercut the prices that manufacturers offer, which leaves a lot of room for devices sent to them to be tampered with.
Once again, having this happen to your own smartphone is very unlikely, but the potential for this to happen is out there. If a third-party iPhone repair center were to maliciously install hardware onto the smartphones that come in for repair, they’d potentially have full remote access to the device.
The same malicious attempts could be carried out on Android smartphones. Malicious repair centers could also have the chance to install software onto the smartphone after a factory reset that could also track the user’s information. Such software could be used for SMS tracking, email tracking, or other types of data tracking.
Malicious attempts to install keyloggers that could record your passwords and bank account information could also occur.
Hopefully, the researchers will have their paper seen by the right people, because this kind of security flaw is massive. There’s very little to stop repair centers from installing malicious hardware and software on existing smartphones, and it’s unlikely to be patched with an over-the-air update. However, smartphone manufacturers could prepare for the future by implementing the firewall hardware that was mentioned earlier in this article.
If you’d like to read more about the paper and the potential risks associated with sending your smartphone to a third party repair center, you can read the paper in its entirety here.
If you’re concerned about the potential risks associated with third-party repairs, you should contact your manufacturer directly. The process may cost more and may take longer, but you’ll be able to know confidently that your device hasn’t been tampered with.