“Shattered Trust” Paper Shows How Replacement Smartphone Components Can Carry Security Vulnerabilities
A recent paper entitled “Shattered Trust” by Omer Shwartz, Amir Cohen, Asaf Shabtai and Yossi Oren has been published. This paper shows how a replacement touchscreen for a Nexus 6P, combined with an exploit of the Synaptics S3718 touchscreen driver, led to complete control of the device via kernel code execution. With one simple idea and a modified replacement screen, the team behind “Shattered” took over the entire device. This paper serves as a warning to those who purchase cheap, non-OEM components for their devices.
Many of us have probably replaced a screen of a device we’ve owned at some point in our lives. I know many people who have smashed their phone, only to replace the screen and the following week smash it again. Phone screens are fragile, and according to a study from Motorola in 2015, referenced by the paper, about 50% of all smartphone users have at some stage broken their screen.
The importance of OEM replacement parts
It’s important to buy OEM parts, and not just because they’re authentic and guaranteed to work. With OEM parts, you’re receiving the same hardware that would have been built into another phone of the same model and sold in an official store. Buying fake replacement parts runs the risk of failure and thus wasted money. However, there’s another risk that many do not account for, and that is the part being a vector of attack against your device.
As can be seen in the YouTube playlist above, multiple attacks target the device through the replacement screen and execute malicious tasks designed to steal the user’s data or invade their privacy. The malicious component can not only inject touch-screen input, but can also exploit the touch screen driver, gain elevated privileges, replace links with phishing links, log user activity, and so on. This is just a proof of concept, but a very well made one which demonstrates just how simple it is, with one non-OEM replacement component, to attack a user without them even knowing.
How it works
The team behind Shattered targeted the driver operating the Synaptics S3718 touchscreen inside the device. This driver runs as part of the kernel, so with sufficient control over the driver one can gain control over the kernel. They reverse engineered the touchscreen using the driver’s source code, physical disassembly of the device and a Saleae logic analyzer. Once they understood how the touchscreen communicated with the driver at the kernel level, they manipulated various vulnerabilities within the driver to gain arbitrary code execution. This method is called ROP chaining and has been used on other devices (such as the Nintendo 3DS) to gain kernel execution. ROP chaining is a common attack technique because it hijacks control flow to execute short machine-instruction sequences that are already present in memory, chained together through the call stack. To put it simply, this means taking over functions the driver already has access to and manipulating them to move around in the allocated memory, until eventually the exploit can break free from the driver and control the kernel. The entry point is what’s called a “buffer overflow”, used here to write over protected kernel memory. A buffer overflow is simply writing more data to a buffer than it can hold, so that the excess “spills out” past the allocated boundary and overwrites adjacent memory locations. This sometimes allows code execution. While this is a short and general explanation, it should give you an idea of how it works.
With this simple driver exploit, the team behind “Shattered” were able to:
- Enable any application to obtain root access
- Disable SELinux blocking
- Disable the buffer check, allowing various other system-wide exploits
- Create a hidden exploit (a backdoor) within the kernel.
All of this was done on an unmodified Google Nexus 6P: the device was factory reset and its bootloader was locked, yet they took complete control over the device. A demonstrated attack method from one of the videos is shown below.
Those behind “Shattered” then decided to try the Samsung Galaxy S5, LG Nexus 5X and LG Nexus 5. All were susceptible to the vulnerabilities outlined above. All of these use a Synaptics touchscreen, however, so to demonstrate the scope of devices this can affect with entirely different touchscreen hardware, the authors then tried the LG G Pad 7.0. This tablet uses the Atmel T641 touchscreen, yet was still found vulnerable once the same methodology for taking control of the kernel and exploiting vulnerabilities was applied. This demonstrates the wide range of devices that could be found to be vulnerable.
What can be done?
Firstly, most devices have a “trust zone” of components they allow to access the kernel. As the driver in question operates the touch screen, it sits within the trust zone and is therefore never checked for tampering. The authors suggest the driver be verified as well. The authors of the paper also suggest a hardware-based firewall, monitoring the data exchanged between the replacement hardware and the device and blocking any attempts at an attack. They note that its simplicity means it can be implemented a lot quicker than researching cryptographic verification. Check out the page linked below; the full paper is available there!
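To make the buffer-overflow explanation above and the authors’ “firewall” idea concrete, here is an added example (not code from the paper or from any real driver) of the kind of validation that should sit between a peripheral and the kernel. The touch-report frame layout, panel size and sample frames are all constructed for this example and are not the real Synaptics S3718 protocol.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical frame layout (constructed, not the real Synaptics format):
 * byte 0 = number of touch points, then 4 bytes per point: x_lo x_hi y_lo y_hi */
#define MAX_POINTS  10
#define POINT_BYTES 4
#define PANEL_W     1440
#define PANEL_H     2560

struct touch_point { uint16_t x, y; };
struct touch_report { uint8_t n; struct touch_point pt[MAX_POINTS]; };

/* The unsafe pattern the page describes would be:
 *   memcpy(out->pt, buf + 1, buf[0] * POINT_BYTES);
 * A malicious screen declaring buf[0] > MAX_POINTS overruns pt[] and
 * overwrites adjacent kernel memory. This checked version rejects the
 * frame instead. Returns 0 if accepted, a negative reason code otherwise. */
int parse_report_checked(const uint8_t *buf, size_t len, struct touch_report *out)
{
    if (len < 1) return -1;                                /* empty frame */
    uint8_t n = buf[0];
    if (n > MAX_POINTS) return -2;                         /* count exceeds storage */
    if (len < 1 + (size_t)n * POINT_BYTES) return -3;      /* shorter than declared */
    for (uint8_t i = 0; i < n; i++) {
        const uint8_t *p = buf + 1 + i * POINT_BYTES;
        uint16_t x = (uint16_t)(p[0] | (p[1] << 8));
        uint16_t y = (uint16_t)(p[2] | (p[3] << 8));
        if (x >= PANEL_W || y >= PANEL_H) return -4;       /* off-panel coordinate */
        out->pt[i].x = x; out->pt[i].y = y;
    }
    out->n = n;
    return 0;
}

/* Constructed sample frames: one legitimate, three hostile. */
static const uint8_t f0[] = {2, 0x10,0x00,0x20,0x00, 0x00,0x05,0x00,0x09}; /* ok */
static const uint8_t f1[] = {0xFF, 0,0,0,0};                               /* count 255 */
static const uint8_t f2[] = {3, 1,0,1,0, 1,0,1,0};                         /* truncated */
static const uint8_t f3[] = {1, 0x00,0x06,0x00,0x00};                      /* x = 1536 */
static const struct { const uint8_t *d; size_t len; } frames[] = {
    {f0, sizeof f0}, {f1, sizeof f1}, {f2, sizeof f2}, {f3, sizeof f3}};

/* Run the firewall check on constructed frame idx and return its verdict. */
int check_frame(int idx)
{
    struct touch_report r;
    if (idx < 0 || idx >= 4) return -99;
    return parse_report_checked(frames[idx].d, frames[idx].len, &r);
}

int main(void)
{
    for (int i = 0; i < 4; i++) printf("frame %d -> %d\n", i, check_frame(i));
    return 0;
}
```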