Security scientists have discovered that many famous Android smartphones can actually be tricked into intruding on their users by exploiting one weakness which provides accessories an access to the baseband software of the phone.
The attackers can then use this access to trick the phones into offering them their unique identifiers like IMSI and IMEI numbers, downgrade the connection of a target to intercept calls; forward all calls to a different device or block calls as well as internet access.
The study affects around 10 famous Android devices, which includes Google Pixel 2, Samsung Galaxy S8+ and Huawei Nexus 6P.
The scientists found these vulnerabilities in the phone’s interface which is utilized to communicate with baseband software that lets the modem of the phone communicate with cell network. The baseband software often come with blacklisting command to avoid non-integral commands from functioning. However, the scientists discovered that several Android smartphones allow USB and Bluetooth accessories to access the baseband, thus allowing an attacker to run commands on such device.
The effect of these hijacks ranges from confidential user data exposure to entire service disruption.
Notably, several papers have analysed various devices and phones with baseband firmware vulnerabilities over the years. Though these reports aren’t so common, the security scientists have still time and again warned that the hackers and intelligence agencies could use these glitches to initiate silent attacks.