Tomcat
Security researchers from Purdue University and the University of Iowa (USA) have discovered vulnerabilities in several popular Android phones that let an attacker reach the firmware of the radio module (the baseband) through connected accessories.
By exploiting them, an attacker can trick a vulnerable phone into disclosing unique identifiers such as its IMEI and IMSI, downgrade the phone to an insecure connection in order to intercept calls, forward calls, or block all phone calls and Internet access altogether.
The problem affects at least 10 popular Android devices, including the Google Pixel 2, Huawei Nexus 6P, and Samsung Galaxy S8 Plus, according to the researchers.
The vulnerabilities were found in the interface used to communicate with the radio module's firmware, the software that lets the phone's modem talk to the cellular network to place calls or connect to the Internet. This software is normally isolated from other applications and often ships with a command blacklist meant to keep unwanted commands from being run. Some phones nevertheless give Bluetooth and USB accessories such as headphones and headsets access to the radio firmware, the researchers report (the Bluetooth Hands-Free Profile itself exchanges AT commands between a headset and the phone, which is why such accessories have an AT channel at all). Through a vulnerable accessory, an attacker can execute commands on the connected Android smartphone.
"The impact of these attacks ranges from disclosing sensitive user information to complete denial of service," the researchers said.
The radio module's firmware accepts special AT commands that control the cellular functions of the device, and the researchers found that these commands can be abused through the accessory interfaces. During testing they identified 14 commands that can be used to trick vulnerable Android phones, steal sensitive data, and control calls.
The attacks could be mounted with cheap Bluetooth connectors or malicious USB charging stations, the researchers explained. An attacker can thus manipulate a smartphone from a computer (if the accessory is reachable over the Internet) or through a connection to a Bluetooth device (for which the attacker must be in close physical proximity to the victim).
"If a smartphone is connected to a headset or any other Bluetooth device, an attacker can first exploit vulnerabilities in the Bluetooth protocol and then inject malicious AT commands," the researchers noted.
Samsung has acknowledged the vulnerabilities in some of its products and is preparing the corresponding patches. Huawei has not commented, and Google representatives noted that the described problems either are in accordance with the Bluetooth specification or are not reproducible on Pixel devices with current security updates installed.
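To make the point about command blacklists concrete, here is an added example that is not part of the original post, the researchers' tooling, or any vendor's code. It models two hypothetical filters sitting between an accessory's AT channel and the baseband: an exact-match denylist of the kind the article describes, and an allowlist that first normalises the AT line. The command names are standard (AT+CGSN returns the IMEI and AT+CIMI the IMSI per 3GPP TS 27.007; AT+BRSF, AT+CIND, AT+VGS, AT+VGM and AT+CHUP are what a Hands-Free Profile headset legitimately sends). The sample lines are constructed, and the assumption that a target modem accepts lower-case, whitespace-padded or ';'-concatenated commands is exactly that, an assumption about the modem, not a claim about any specific phone in the article.

```python
import re

# Constructed sample lines an accessory might send over the AT channel.
# Standard command meanings: +BRSF/+VGS are normal HFP headset traffic;
# +CGSN returns the IMEI and +CIMI returns the IMSI (3GPP TS 27.007).
SAMPLE_COMMANDS = [
    "AT+BRSF=191\r",        # legitimate HFP feature handshake
    "AT+VGS=9\r",           # legitimate speaker-volume update
    "AT+CGSN\r",            # IMEI request, exactly as the denylist spells it
    "at+cgsn\r",            # same request in lower case (assumed accepted by the modem)
    "AT+BRSF=191;+CGSN\r",  # IMEI request chained behind a legitimate command
    "AT +CIMI\r",           # IMSI request with a stray space (assumed tolerated)
]

# Hypothetical denylist in the style the article describes: a set of literal strings.
DENYLIST = {"AT+CGSN", "AT+CIMI"}

# Hypothetical allowlist: only the extended commands a headset needs.
ACCESSORY_ALLOWLIST = {"+BRSF", "+CIND", "+VGS", "+VGM", "+CHUP"}


def denylist_allows(line: str) -> bool:
    """Naive filter: block the line only if it exactly equals a denied command.

    Any variation in case, spacing or chaining slips past, which is the
    weakness a blacklist has by construction.
    """
    return line.strip() not in DENYLIST


def split_commands(line: str) -> list:
    """Normalise one AT line into the upper-case names of every command in it.

    Whitespace is dropped and the line is split on ';', the AT separator for
    chaining several commands behind a single 'AT' prefix.  Anything that is
    not an AT line yields an empty list, which the allowlist treats as denied.
    """
    body = re.sub(r"\s+", "", line)
    if not body.upper().startswith("AT"):
        return []
    names = []
    for part in body[2:].split(";"):
        # Command name: optional '+', '&' or '\' prefix followed by alphanumerics.
        m = re.match(r"([+&\\]?[A-Za-z0-9]+)", part)
        if m:
            names.append(m.group(1).upper())
    return names


def allowlist_allows(line: str) -> bool:
    """Hardened filter: every command on the (normalised) line must be on the allowlist."""
    names = split_commands(line)
    return bool(names) and all(name in ACCESSORY_ALLOWLIST for name in names)


def evaluate(filter_fn, commands=SAMPLE_COMMANDS) -> list:
    """Return the sample lines a given filter would forward to the baseband."""
    return [cmd for cmd in commands if filter_fn(cmd)]


if __name__ == "__main__":
    for name, fn in (("denylist", denylist_allows), ("allowlist", allowlist_allows)):
        print(f"{name} forwards: {evaluate(fn)!r}")
```

Run stand-alone, the denylist forwards five of the six lines, including three identifier requests, while the allowlist forwards only the two genuine headset commands. The design point is that a filter guarding a command grammar has to parse the line the way the modem will before deciding, and should fail closed on anything it did not expect.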
