In this edition of weird Android-related stuff that came to me in a dream, I came up with a device that police, government agencies, or stalkers could use to gain access to your phone.
TL;DR – this was a dream, but I’m pretty sure it’s relatively easy to make. Hardware-assisted man-in-the-middle attack.
The dream went like this: my phone was stolen, and a couple of minutes later my neighbor managed to find it after the robber ditched it. We had a short little chat about how stupid it was to steal a phone these days, and I noticed the case didn’t seem to fit quite right on my phone, but I went ahead and unlocked it, thinking perhaps the case had busted when the thief chucked the phone.
The screen came up slowly. This being a dream, I noticed. Then the screen went blank. I turned the screen back on and it was stuck in one of my apps that required biometric identification in the form of a fingerprint or face scan. Every time I tried exiting it, it popped back in, and still being shaken from the robbery, I wasn’t thinking much and decided to just do it.
I noticed that the fingerprint scanner wasn’t in the right place when I touched it, and then realized this wasn’t my phone, and at that point it was too late.
In this case, I’d dreamed up someone stealing my rectangular black plastic Android and replacing it with a similarly sized one that was basically remote desktopped into a third device that was attached to my phone.
Taps on the replacement were transmitted to the real device down the street (in my dream it was an electrostatic screen that touches a touch screen). The biometric scanner was basically reproducing what it saw on the other end.
Once all that info was gathered by the remote device, the remote desktop session ended, the phone I had was garbage, and my phone was used to Venmo, PayPal, and bank transfer everything that it could out.
Is this possible?
The remoting into a phone, touch screen, and iris scan part, yes. Unsure on the fingerprints, but considering you can 3D print a thumb, warm it up, and press it to unlock many phones, I’m guessing yes.
Is it probable?
In the scenario I dreamed, probably not. This would require a fairly good set of circumstances: someone not noticing the phone was not quite the right size, blah.
But imagine law enforcement, government, crazy soon-to-be exes, or people or agencies who have you in detention and want access to your phone, and who have time to get the right phone and pass it off to you to get unfettered access to your real device.
All the trust cases we’re operating on at the moment involve verifying that we’re the real person accessing the phone, not that we’re accessing the real phone.
Basically, I dreamed a hardware-assisted man-in-the-middle attack.