To ensure that the gadgets running Android regularly appear viruses and different kinds of vulnerabilities that allow hackers and other dishonest people to steal your personal data, we have long been accustomed. However, not so long ago a group of researchers working in the area of cyber security, discovered an exploit that allows Bluetooth and USB accessories to access some parameters of the smartphone, enabling them to monitor users.
How to hack a smartphone via Bluetooth and USB
In both cases, the “front door” is a modem smartphone. According to the researchers, this exploit is possible due to the fact that some Android smartphones allow Bluetooth and USB accessories, such as headsets, to communicate to the modem device, which usually cannot be achieved by other variants of hacking. For example, with viruses.
Once the phone was compromised, an attacker can cause several types of failures: complete blocking of all incoming telephone calls, selective call blocking, call forwarding to another number, disable cell Internet connection, the interception of telephone calls and text messages, and track location and activity.
But how did this happen? Modem firmware, which should only accept special commands (called the AT commands), were deceived hacker app ATFuzzer, developed specifically for this purpose. So don’t worry. Yet you are safe. Using ATFuzzer, experts found 14 teams that worked on 10 different Android smartphones from six different vendors. Moreover, the program easily can be embedded internally ON accessories. To download anything from the Internet don’t even have.
In some cases the effects were minor — for example, on the Nexus 5, and Pixel 2 could be off the Internet. The worst usage was demonstrated on three smartphones from Samsung — Galaxy Note 2, Galaxy S3 and Galaxy S8+. After installation ATFuzzer, from smartphones could steal their IMEI-addresses, block all phone calls and text messages, and to intercept them. Well, do not forget that the location tracking is also possible without difficulty.
The research team says the reason for this is the inability of the processors of the modems to correctly analyze and filter out anomalous commands. And the only way to guard against this type of attack is to completely remove access Bluetooth and USB to the modem. But it is necessary to shovel all code firmware smartphone.
See also: a Few programs from Play Store were infected. Immediately remove them from your smartphone!
Fortunately, there is a silver lining. Since the exploit works through a Bluetooth wireless connection or a physical USB, Android owners can easily avoid this situation, without connecting their smartphones to suspicious or unknown accessories, such as charging stations, which are frequently encountered in shopping malls or cafes. With the exception of the Galaxy S8+ and Pixel 2 (which is about two years), the rest of affected phones is quite old. But if you happen to own such a device or know someone who is still using these old devices, then tell them about it and recommend to subscribe to our Telegram canalthat they first learned the most important news.
As for the manufacturers of the devices mentioned in the study, they were informed about the vulnerabilities. In response to the request of TechCrunch, for example, Samsung said that the relevant patches will be released “very soon”. Google answered about the same, but Huawei did not comment on the situation.