Tech security researchers from Perdue University and the University of Iowa have discovered a major flaw in several popular Android-based phones allowing hackers to crack phones using wireless accessories such as wireless earbuds.
According to the report, hackers can gain access to your phone using its baseband firmware, the software designed to interface with Bluetooth and USB accessories, sending commands to the gadget asking it to reveal its unique identifiers. Once access is gained, hackers can transfer the phone to an insecure connection, subsequently allowing them to intercept calls, access the phone’s data, or even shut the phone down altogether by blocking phone network and internet access.
The vulnerability is said to affect close to a dozen major smartphone lines, including Google’s Pixel 2, Samsung’s Galaxy S8+ and Huawei’s Nexus 6P.
Researchers created a special tool which they called ‘ATFuzzer’, designed to snoop out potentially harmful commands to the baseband firmware, discovering that there were a total of 14 commands which could allow hackers to steal data or take control of the device. Various phones are said to have various vulnerabilities.
Speaking to TechCrunch, study coauthors Syed Rafiul Hussain and Imtiaz Karim explained that “the attacks can be easily carried out by an adversary with cheap Bluetooth connectors or by setting up a malicious USB charging station,” meaning close proximity is typically necessary. “If your smartphone is connected with a headphone or any other Bluetooth device, the attacker can first exploit the inherent vulnerabilities of the Bluetooth connection and then inject those malformed AT commands,” the researchers added.
Stay Alert, Stay Safe
There are a number of ways to make yourself less vulnerable to this kind of hacking, the most basic of which is promptly installing security updates to your phone as manufacturers release new updates to close vulnerabilities. Others include regularly changing your password, or simply refraining from discussing sensitive topics over the phone, and changing the privacy settings on your data. Another good idea is to avoid public USB-based chargers, if possible.