With privacy an increasing concern, news has broken that several popular Android phones can be exploited in order to snoop on users. A weakness in the operating system can allow access to the baseband software of certain phones, compromising their safety and security.
This is more than a minor worry, as attackers could potentially use this vulnerability in order to steal personal information. And this affects these following Android devices:
- Samsung Galaxy S8+
- Samsung Galaxy S3
- Samsung Note 2
- Huawei P8 Lite
- Huawei Nexus 6P
- Google Pixel 2
- LG G3
- LG Nexus 5
- Motorola Nexus 6
- HTC Desire 10 Lifestyle
Baseband firmware is used to enable smartphones to communicate with a cellphone network, which has a fundamental impact on central uses of mobile technology, such as connecting to the Internet and making phone calls.
For this reason, baseband is usually completely separate from the rest of a mobile device. But researchers have discovered that many Android smartphones enable Bluetooth and USB accessories to access the baseband. This then enables attackers to run commands on a connected Android phone.
Syed Rafiul Hussain and Imtiaz Karim, the two co-authors of the research, told TechCrunch that “the impact of these attacks ranges from sensitive user information exposure to complete service disruption”.
Varying vulnerability
The good news for Android users is that not all devices are vulnerable to the trick. Not all of the same commands and manipulation can be used in every case, and some smartphones are completely immune to the issue. According to the study, it would certainly take an extremely skilled person in order to take advantage of the exploit, but the fact remains that such exploitation is undoubtedly possible.
Google has acknowledged the issue and said they have already released a security patch. Samsung said it’s already working on patching its devices.