Researchers at Purdue University and the University of Iowa have published a paper detailing how the baseband processors of many popular Android smartphones can be compromised to give an attacker wide-ranging permissions.
ATFuzzer Android Baseband
Using specially crafted Bluetooth or USB accessories, researchers were able to demonstrate how such modified accessories, or even man-in-the-middle techniques, can be used to execute instructions known as AT commands that control the functionality of the baseband.
The study examined several devices from Samsung, LG, HTC, Google, Motorola and Huawei, which are older models but still widely in use.
Among other things, researchers were able to intercept the IMEI number and network and roaming status, which could possibly be used to identify or track targets. They were able to perform Denial of Service (DoS) attacks, interrupt internet connectivity and trigger actions such as DND, call forwarding, call blocking and more. Standard AT commands from publicly available 3GPP documentation.
Ten devices from six manufacturers were tested: Samsung Galaxy S8+, Google Pixel 2, Huawei Nexus 6P, and Motorola Nexus 6, as well as the older Samsung Galaxy Note 2, Samsung Galaxy S3, LG G3, LG Nexus 5, HTC Desire 10 Lifestyle, and Huawei P8 Lite.
Not every device was found to be vulnerable to all USB and Bluetooth attack vectors. Accessories like a headset, speaker and even a charger can be used to attack the phone in this way.
According to the research team, the AT command interface in smartphones should not be exposed to Bluetooth and USB input in this way.
The research paper is available for reading, and details of the exploitation can be found in the GitHub repository, as reported by TechCrunch.
The paper will be presented at the 35th Annual Computer Security Applications Conference in December.
The affected phones used baseband processors manufactured by Qualcomm, Samsung and HiSilicon (a subsidiary of Huawei).
The researchers informed all affected smartphone and baseband vendors, and waited the customary 90 days before going public with their findings. Samsung has committed to release patches for its devices.
As always, users are cautioned that there are risks in connecting to unknown accessories or using public chargers.