Security researchers have discovered many famous Android phones can be deceived into snooping on their owners by misusing a weakness that gives accessories way to the phone’s underlying baseband software.
How Does This Work?
Attackers can use that way to deceive weak phones into giving up their identifiers, such as their IMEI and IMSI numbers.
They can downgrade a target’s connection to prevent phone calls, forward calls to a different phone or bar all phone calls and internet access entirely.
The research shared that it affects at least ten popular Android devices, involving Google’s Pixel 2, Huawei’s Nexus 6P, and Samsung’s Galaxy S8+.
The weaknesses are located in the interface used to interact with the baseband firmware.
The software that lets the phone’s modem to interact with the cell network, such as getting phone calls or connecting to the internet.
Given its value, the baseband is typically off-limits from the rest of the device, along with its apps.
And it often comes with power blacklisting to stop non-critical commands from running.
But the researchers found that several Android phones accidentally allow Bluetooth and USB accomplices like headphones and headsets to access the baseband.
By misusing a weak accessory, an attacker can control commands on a connected Android phone.
The Main Findings
In their experiment, the researchers found 14 commands that could be used to deceive the weak Android phones into leaking delicate device data and manipulating phone calls.
Although not all devices are weak, the same commands or can be manipulated identically.
The researchers discovered, for example, that some commands could deceive a Galaxy S8+ phone into giving its IMEI number, redirecting phone calls to another phone, and downgrading their cellular connection.
All of which can be managed to snoop and hear in on phone calls, such as with professional cellular snooping hardware identified as “stingrays.”
Additional devices were not weak to call manipulation but were responsive to commands that could be used to bar internet connectivity and phone calls.
The vulnerabilities are not hard to misuse but need all of the precise requirements to be met.
Co-authors of the research, Hussain and his associates Imtiaz Karim, Fabrizio Cicala, and Elisa Bertino at Purdue University and Omar Chowdhury at the University of Iowa are ready to show their findings next month.
For more updates and the latest tech news, keep reading iTMunch.