Security researchers have found that popular Android phones are vulnerable in the way they use their baseband software.
Attackers may use this access to trick phones into giving up their unique identifiers, such as their IMEI and IMSI numbers, downgrade a target's connection in order to intercept phone calls, forward calls to another phone, or block all phone calls and internet access altogether.
The research, shared exclusively with TechCrunch, affects at least 10 popular Android devices, including Google's Pixel 2, Huawei's Nexus 6P, and Samsung's Galaxy S8+.
The vulnerabilities are found in the interface used to communicate with the baseband firmware, which handles cellular functions such as making phone calls or connecting to the internet. Given its importance, the baseband is typically off-limits from the remainder of the device, including its apps, and often comes with command. Android phones inadvertently allow Bluetooth and USB accessories
"The impact of these attacks ranges from sensitive user information exposure to complete service disruption," said Syed Rafiul Hussain and Imtiaz Karim, two co-authors
Hussain and his colleagues Imtiaz Karim, Fabrizio Cicala and Elisa Bertino at Purdue University and Omar Chowdhury at the University of Iowa are set to present their findings next month.
Baseband firmware accepts special commands, known as AT commands, which control the device's cellular functions. These commands can be used to tell the modem which phone number to call. But the researchers found that these commands can be manipulated. The researchers developed a tool, dubbed ATFuzzer, which tried to find problematic AT commands.
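To show what restricting the AT interface for accessories can look like in practice, here is an added example (not code from the researchers, ATFuzzer or any vendor) that checks each AT line arriving from a Bluetooth or USB accessory against a strict allowlist with a per-command argument grammar. The allowlist contents, the length cap, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

MAX_LEN = 64  # assumed cap; accessory commands are short

# Assumed allowlist for a hands-free accessory: command name -> exact
# argument grammar (names and ranges follow the Bluetooth Hands-Free Profile).
ACCESSORY_ALLOWLIST = {
    b"A": rb"",                       # answer incoming call
    b"+CHUP": rb"",                   # hang up
    b"+CIND": rb"\?|=\?",             # read indicator status / mapping
    b"+CMER": rb"=3,0,0,[01]",        # indicator event reporting on/off
    b"+CLIP": rb"=[01]",              # caller ID notification on/off
    b"+BRSF": rb"=[0-9]{1,4}",        # supported-features bitmap
    b"+VGS": rb"=(?:1[0-5]|[0-9])",   # speaker gain 0..15
    b"+VGM": rb"=(?:1[0-5]|[0-9])",   # microphone gain 0..15
}

# One command per line: "AT", a name, printable-ASCII remainder, CR.
_LINE = re.compile(rb"AT(?P<name>\+[A-Z]{2,8}|[A-Z])(?P<rest>[\x20-\x7e]*)\r")


def check_accessory_line(raw: bytes):
    """Return (allowed, reason) for one AT line from a Bluetooth/USB accessory."""
    if len(raw) > MAX_LEN:
        return False, "too long"
    m = _LINE.fullmatch(raw)
    if m is None:
        return False, "malformed"
    grammar = ACCESSORY_ALLOWLIST.get(m.group("name"))
    if grammar is None:
        return False, "not allowlisted"
    if re.fullmatch(grammar, m.group("rest")) is None:
        return False, "bad arguments"
    return True, "ok"


# Constructed sample lines, not taken from the research.
SAMPLES = [
    b"AT+VGS=7\r",                   # in-range volume change
    b"AT+CIND?\r",                   # indicator query
    b"ATD5550100;\r",                # dial request: not an accessory command here
    b"AT+VGS=7777777\r",             # out-of-range argument
    b"AT+CHUP;D5550100\r",           # second command chained onto an allowed one
    b"AT+VGS=" + b"9" * 80 + b"\r",  # oversized line
    b"AT+VGS=7\x00\r",               # embedded control byte
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line[:24], check_accessory_line(line))
```

Because the check is an allowlist with exact argument patterns, any command or argument shape not explicitly listed is rejected by default, which a blocklist of known-bad commands cannot guarantee.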
In their testing, the researchers were able to trick Android phones into leaking sensitive device data and manipulating phone calls.
But not all devices are vulnerable to the same commands. The researchers found that they could make a phone leak its IMEI number, redirect phone calls to another phone and downgrade its cellular connection
The vulnerabilities are not difficult to exploit, but require
"The attacks can be easily carried out by attaching a Bluetooth connection to a USB charging station," Hussain and Karim said. In other words, it's possible to manipulate a phone. Or, if a phone is connected to a Bluetooth device, an attacker has to be in close proximity. (Bluetooth devices are vulnerable to attacking others.)
"If your smartphone is connected to a headphone or any other Bluetooth device, the attacker can not exploit it The inherent vulnerabilities in the Bluetooth connection and malformed AT commands," the researchers said.
Samsung recognizes the vulnerabilities in some of its devices and is rolling out patches. Huawei did not comment at the time of writing. Google said: "
Hussain said that iPhones were not affected by the vulnerabilities.
This research is the latest to examine vulnerabilities in baseband firmware, following earlier work examining various phones and devices with baseband vulnerabilities. Although these reports are rare, security researchers have long been unable to detect silent attacks.