Security quotes of the week

Now back when I worked in banking, if someone went to Barclays, pretended to be me, borrowed £10,000 and legged it, that was "impersonation", and it was the bank's money that had been stolen, not my identity. How did things change?

On the one hand, if you let an untrusted stranger install hardware in your electronic device, you're opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go to your corner repair-shop.

In Shattered Trust: When Replacement Smartphone Components Attack [PDF], a paper presented by four Ben Gurion University researchers at the recent 2017 Usenix Workshop on Offensive Technologies, they demonstrate that they can build add undetectable spying technology to replacement screens for as little as $10, and that once installed, these new screens would have near-total control over the device, able to harvest passwords, install apps, and send screenshots to the attacker. The screens could also exploit the device's main processor and interfere with OS-level operations.