• Home
  • Mobiles
  • Mobiles News
  • 'ATFuzzer' Android Baseband Security Threat Exploits Malicious Bluetooth, USB Accessories: Researchers

'ATFuzzer' Android Baseband Security Threat Exploits Malicious Bluetooth, USB Accessories: Researchers

Bluetooth headsets and speakers, and even USB chargers, might be modified to attack your phone

'ATFuzzer' Android Baseband Security Threat Exploits Malicious Bluetooth, USB Accessories: Researchers
  • The team of researchers will present a paper at an upcoming conference
  • The phones tested were older, but others might also be vulnerable
  • Manufacturers were given 90 days before the flaw was publicised

A new security exploit affecting several high-profile Android smartphones through maliciously modified Bluetooth and USB accessories has been discovered. Researchers at Purdue University and the University of Iowa have published a paper detailing how the baseband processors of several popular Android smartphones can be compromised in order to grant a an attacker wide-ranging permissions. By using specially crafted Bluetooth or USB accessories, the researchers were able to demonstrate how such modified accessories or even man-in-the-middle techniques can be used to execute instructions known as AT commands to control the baseband's functionality. The study examined multiple devices from Samsung, LG, HTC, Google, Motorola, and Huawei which are older models but still widely in use.

Amongst other things, the researchers were able to intercept IMEI numbers and network and roaming status, which can potentially be used to identify or track targets. They were also able to perform Denial of Service (DoS) attacks, disrupt Internet connectivity, and trigger functions such as DND, call forwarding, call blocking, and much more. Standard AT commands from publicly available 3GPP documentation. 

Ten devices from six manufacturers were tested; the Samsung Galaxy S8+ (Review), Google Pixel 2 (Review), Huawei Nexus 6P (Review), and Motorola Nexus 6 (Review), as well as the older Samsung Galaxy Note 2, Samsung Galaxy S3, LG G3, LG Nexus 5, HTC Desire 10 Lifestyle, and Huawei P8 Lite. Not all were found to be vulnerable to both USB and Bluetooth attack vectors. Accessories such as headsets, speakers, and even chargers could potentially be used to attack phones in this manner.

According to the research team, smartphones are not supposed to expose the AT command interface to Bluetooth and USB inputs in such a manner. The research paper is available to read, and details of the exploit itself can be found in a Github repository, as pointed out by Techcrunch. The paper will be presented at the 35th Annual Computer Security Applications Conference in December.

The affected phones used baseband processors manufactured by Qualcomm, Samsung, and HiSilicon (a subsidiary of Huawei). The researchers notified all the affected smartphone and baseband vendors, and waited the customary 90 days before going public with their findings. Samsung has committed to releasing patches for its devices. 

As always, users are cautioned that there are risks in connecting to unknown accessories or even using public chargers.  


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Bluetooth, Android, Security

Jamshed Avari has been working in tech journalism as a writer, editor and reviewer for over 13 years. He has reviewed hundreds of products ranging from smartphones and tablets to PC components and accessories, and has also written guides, feature articles, news and analyses. Going beyond simple ratings and specifications, he digs deep into how emerging products and services affect actual users, and what marks they leave on our cultural landscape. He's happiest when something new comes ...More

Twitter Leads in Child Abuse Content on Social Media: Report
LG Files Suit Against TCL Over Cell Phone-Related Patent

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment




© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com