Security researchers have discovered vulnerabilities in several older Android smartphones that they were able to exploit via USB and Bluetooth connections.
Security researchers have found a way to attack Android smartphones from various manufacturers over USB and Bluetooth connections, manipulating their mobile connections and intercepting sensitive data. As researchers from Purdue University in Indiana and the University of Iowa explain in a technical article, the weak point lies in the interface through which the smartphones' baseband processor can be controlled. The baseband processor controls the device's cellular connections and is largely separated from the rest of the system.
The researchers identified the vulnerabilities with their own program, which sent fabricated commands to the firmware of the baseband processor over a Bluetooth or USB connection between a prepared peripheral device and the smartphone. Devices with a simple Bluetooth connection were sufficient for this; according to the researchers, USB chargers could also be used as tools.
Different types of attacks were successful against ten smartphones from different manufacturers. The effects achieved ranged from selective blocking or rerouting of calls, through denial-of-service conditions and forced switching to slower Internet connections, to the disclosure of the IMEI and IMSI numbers of the devices. According to the researchers, the latter is “particularly fatal” because this information could be used to track the location of the device or to intercept calls and SMS.
Pixel 2 and Galaxy S8+ affected
The researchers tested ten different Android smartphones from six manufacturers, which turned out to be vulnerable to different degrees: the Huawei Nexus 6P and P8 Lite, the Nexus 5 and G3 from LG, the Motorola Nexus 6, the HTC Desire 10 Lifestyle and the Google Pixel 2. The three Samsung devices Galaxy S3, Galaxy S8+ and Note 2 were also affected.
The various attack options were not equally available on all devices. For example, only the three Samsung devices could be coaxed into giving up their IMEI and IMSI numbers over Bluetooth. Over USB, on the other hand, the researchers apparently succeeded with significantly more devices. The Android versions running on the smartphones ranged from Android 4.3 to 8.0, and the models all appeared in 2017 or earlier.
The researchers had already informed the manufacturers of the devices and chips about the vulnerabilities before publication; two of the gaps were assigned the CVE numbers CVE-2019-16400 and CVE-2019-16401. In the meantime, Samsung has told TechCrunch that it intends to deliver patches, while Google emphasized that the flaws do not occur on Pixel devices with current security updates. Huawei has not yet commented.