https://www.theverge.com/2017/8/21/16177916/malicious-replacement-touch-screens-control-smart-phone

A new study has found that when replacement touch screens are embedded with a malicious chip, they can be used to compromise your smartphone. Ars Technica reports that a new paper, published by the Ben-Gurion University of the Negev, includes simulated attacks on two Android devices: a Huawei Nexus 6P and LG G Pad 7.0. Researchers were able to take control of the devices by using a malicious chip embedded into a third-party touch screen.

Phones with a malicious touch screen could essentially record your photos and app data, or direct users to phishing websites to exploit vulnerabilities and gain control of the device. The attack is very difficult to detect, as anti-virus programs can’t flag it and the hardware survives operating system updates and factory resets. In the study, researchers used a hot air blower on the phone’s touch controller connection to access and solder on their malicious chips. “Our attack assumes that the phone’s touch controller had been replaced with a malicious component, but that the rest of the hardware and software on the phone is authentic and trusted,” the researchers wrote.