Researchers Find Security Vulnerabilities in Popular Android Phones
Security researchers from Purdue University and the University of Iowa (USA) have discovered vulnerabilities in several popular Android phones. By exploiting these flaws, attackers can reach the baseband firmware (the radio module) through connected accessories. Criminals can trick vulnerable phones into revealing unique identifiers such as IMEI and IMSI numbers, downgrade the smartphone to insecure connections in order to intercept calls, redirect calls, or even block all phone calls and internet access.
Which Devices Are Affected?
According to the researchers, the problem affects at least 10 popular Android devices, including the Google Pixel 2, Huawei Nexus 6P, and Samsung Galaxy S8 Plus.
How Do the Vulnerabilities Work?
The vulnerabilities were found in the interface used to communicate with the baseband firmware, which allows the phone’s modem to interact with the cellular network for making calls or connecting to the internet. This software is usually isolated from other apps and often comes with a blacklist of commands to prevent unauthorized actions. However, the researchers found that some phones unintentionally grant Bluetooth and USB accessories—such as headphones and headsets—access to the baseband firmware. By exploiting vulnerable accessories, an attacker can execute commands on connected Android smartphones.
Potential Impact of the Attacks
“The impact of these attacks ranges from disclosure of sensitive user information to complete denial of service,” the researchers reported.
The baseband firmware accepts special AT commands that control the device’s cellular functions. The researchers found that this command interface can be abused from the accessory side: during testing, they identified 14 commands that could be used to trick vulnerable Android phones, steal confidential data, and control calls.
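The article notes that phones typically protect the modem with a blacklist of forbidden commands, which is exactly the design that lets unexpected commands from an accessory slip through. The following is an added illustration of the opposite, deny-by-default approach; it is not the researchers' tooling or any vendor's code. It assumes a hypothetical host-side hook where AT command lines coming from a Bluetooth headset or USB accessory can be inspected before they reach the modem, and its allowlist is the small set of Bluetooth Hands-Free Profile commands a headset legitimately needs. The sample lines at the bottom are constructed for the demo; the two denied identity queries (AT+CGSN for the IMEI, AT+CIMI for the IMSI) are the standard 3GPP TS 27.007 commands for those values.

```python
"""Allowlist-based filter for AT command lines arriving over an accessory channel.

Added example (hypothetical integration point, not code from the researchers
or from any phone vendor). Every command not explicitly permitted is denied,
and chained lines ('AT+A;+B') are checked segment by segment so that an
allowed command cannot smuggle a forbidden one behind it.
"""
import re
from dataclasses import dataclass

# Bluetooth HFP commands a headset / car kit is expected to send to the phone.
# Identity queries, network-mode changes, call forwarding etc. are simply absent.
HFP_ALLOWLIST = frozenset({
    "+BRSF", "+CIND", "+CMER", "+CHLD", "+VGS", "+VGM", "+CLIP", "+CCWA",
    "+CHUP", "+BLDN", "+VTS", "+BVRA", "+NREC", "+BAC", "+BCS", "+BIND",
    "+BIEV", "+CMEE", "A", "D",
})

# Extended command: '+NAME' followed by an optional '=?' test, '?' read or '=value' set.
_EXT_RE = re.compile(r"^(\+[A-Z0-9]+)(=\?|\?|=.*)?$")
# Basic dial command: 'D' followed only by dial-string characters (memory dial uses '>').
_DIAL_RE = re.compile(r"^D[0-9*#+>]*$")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    name: str    # command name(s) as parsed, "" when the line was unparseable
    reason: str


def _parse_segment(seg: str):
    """Return the command name of one segment, or None if it is not well formed."""
    m = _EXT_RE.match(seg)
    if m:
        return m.group(1)
    if seg == "A":            # ATA: answer call, takes no parameter
        return "A"
    if _DIAL_RE.match(seg):   # ATD<dial string>: place a call
        return "D"
    return None               # e.g. 'A+CGSN' (basic command glued to another) is rejected


def filter_at_line(line: str) -> Decision:
    """Decide whether one AT line from an accessory may be forwarded to the modem."""
    raw = line.strip()
    if not raw.upper().startswith("AT"):
        return Decision(False, "", "not an AT command line")
    body = raw[2:].strip().upper()   # AT syntax is case-insensitive
    if body == "":
        return Decision(True, "AT", "bare attention ping")
    names = []
    for seg in (s.strip() for s in body.split(";")):
        if not seg:                  # trailing ';' after a dial string is normal
            continue
        name = _parse_segment(seg)
        if name is None:
            return Decision(False, "", f"unparseable segment {seg!r}")
        if name not in HFP_ALLOWLIST:
            return Decision(False, name, "not in accessory allowlist")
        names.append(name)
    return Decision(True, ";".join(names), "allowed HFP command")


# Constructed sample traffic: four legitimate headset lines, three that must be dropped.
SAMPLE_LINES = [
    "AT+BRSF=29",          # headset announces its supported features
    "AT+CIND?",            # read call/signal indicators
    "AT+VGS=7",            # speaker volume
    "ATD+15551234567;",    # dial a number
    "AT+CGSN",             # IMEI query: not a headset function
    "AT+CIND?;+CIMI",      # allowed command chained with an IMSI query
    "ATA+CGSN",            # basic 'A' glued to an extended command
]


def summarize(lines) -> tuple:
    """Return (allowed_count, denied_count) and print an audit line per command."""
    allowed = denied = 0
    for line in lines:
        d = filter_at_line(line)
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {line!r:24} {d.name:14} {d.reason}")
        allowed += d.allowed
        denied += not d.allowed
    return allowed, denied


if __name__ == "__main__":
    summarize(SAMPLE_LINES)
```

Two design choices carry the security weight here: the decision is made per segment of a chained line, so a harmless prefix cannot carry a forbidden suffix past the check, and anything the parser cannot classify with certainty is denied rather than passed through for the modem to interpret on its own.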
How Can the Attacks Be Carried Out?
The researchers explained that cheap Bluetooth connectors or malicious USB charging stations could be used for these attacks. This means an attacker could manipulate a smartphone using a computer (if the accessory is accessible via the internet) or by connecting to a Bluetooth device (which requires the attacker to be nearby).
“If a smartphone is connected to a headset or any other Bluetooth device, an attacker could first exploit vulnerabilities in the Bluetooth protocol and then inject malicious AT commands,” the researchers noted.
Company Responses
- Samsung has acknowledged the vulnerabilities in some of its products and is preparing patches to address them.
- Huawei has not commented on the situation.
- Google stated that the described issues are either in line with the Bluetooth specification or do not occur on Pixel devices with the latest security updates installed.