Popular Android smartphones can be forced to spy on owners

Popular Android smartphones can be forced to spy on owners


Cybersecurity researchers have identified a problem with popular Android smartphones - attackers can force devices to spy on owners. To do this, a breach is used that allows accessories to access the software responsible for the interaction of the modem and cellular communications. By exploiting this loophole, attackers can force vulnerable phones to issue unique identifiers like IMEI and IMSI.
In addition, it is possible to lower the connection of the target and then: listen to calls, redirect calls to another number, block all calls and Internet connection. According to experts who discovered the attack vector, the problem affects at least 10 popular Android smartphones, including Google Pixel 2, Huawei Nexus 6P and Samsung Galaxy S8 +. Vulnerabilities were identified in the interface for interacting with software that allows the smartphone’s modem to make calls and go online (baseband). Typically, baseband works with a blacklist to prevent some commands from running.
The researchers found an interesting feature: many Android smartphones allow Bluetooth and USB accessories (for example, headphones) to access the baseband. Using this access, an attacker can run commands on the target device. “The consequences of exploiting these vulnerabilities can vary from disclosing confidential information to completely compromising the device,” the experts report.

All News

Scroll top