Replacing a screen can get your phone hacked

After such an incident occurs, some learn to peacefully coexist with the spider web pattern on their display (if it remains functional), others just go out and buy a new handset, while quite a few people also choose to stop by a repair shop and get a replacement screen installed. Going for this third option might seem like a sensible thing to do, but it turns out that it might completely compromise the security of your phone.
In a recently published paper, Israeli researchers from the Ben-Gurion University of the Negev highlighted the threat of malicious peripherals existing inside consumer electronics. The team was able to booby-trap a third-party smartphone replacement screen. This was done with the help of a chip that can manipulate the data transfer from the device's hardware to the software drivers within the OS.
The code found on this chip can be used to install malicious apps, replace user-selected URLs with phishing URLs, log unlock patterns and keyboard inputs, and even take pictures of the user and forward them via e-mail. The nasty peripheral can even turn off the power of the screen while the above actions are performed. Furthermore, the researchers claim that this "chip-in-the-middle" attack was performed with parts that cost less than $10 and can easily be mass-produced. To put the cherry on the cake, these booby-trapped displays can apparently be made to look identical to their stock counterparts and are invisible to most detection techniques, as the process is file-less.
Source: Yossi Oren via Engadget