Security researchers have discovered vulnerabilities in several older Android smartphones that could be exploited via USB and Bluetooth connections.
The researchers identified the vulnerabilities with their own program, which sent fabricated commands to the firmware of the baseband processor over a Bluetooth or USB connection between a prepared peripheral device and the smartphone. Devices with a simple Bluetooth connection were sufficient for this; according to the researchers, USB chargers could also be used as tools. Different types of attacks were successful with some smartphones from different manufacturers. The effects ranged from selective blocking or rerouting of calls, through denial-of-service conditions and forced switching to slower internet connections, to disclosure of the devices' numbers.
The researchers tested Android smartphones from several manufacturers, which turned out to be vulnerable to different degrees: the Huawei Nexus 6P, the Nexus 5 and G3 from LG, and the HTC Desire 10 Lifestyle. The Samsung devices Galaxy S8 plus and Note 2 were also affected. The various attack options were not equally available on all devices: only the Samsung devices could be coaxed into giving up their IMEI numbers over Bluetooth. By contrast, the researchers apparently succeeded via USB with significantly more devices. The Android versions running on the smartphones ranged from Android 8.0; the models were all released 2 years ago or earlier. The manufacturers of the devices and chips had been informed about the vulnerabilities by the researchers before publication, and two of the flaws were assigned CVE numbers. In the meantime, Samsung announced that it wanted to deliver patches, while Google emphasized that the flaws did not occur on Pixel devices with current security updates. Huawei has not yet commented.
Not Only Private Individuals Are Affected By Smartphone Hacks
According to Security Report 2020, around 25 percent of organizations were affected by cyberattacks on mobile devices last year. IT specialists see two main causes for the vulnerability of mobile devices: first, mobile devices are more difficult to protect; second, mixed professional and private use poses a significant risk. For example, mobile devices are put at risk by logging into untrustworthy WLAN networks. In public places such as airports, hackers use a free airport WLAN to trick users into logging into unsecured networks. In addition, mobile devices, which are constantly switched on, are on the front line when it comes to phishing emails. Because the devices are constantly on, recipients usually receive such emails there first and are quicker to swallow the bait of legitimate-looking emails on their smartphones.