Popular Android phones can be tricked into snooping on their owners

From Tech Crunch.com (Nov. 8):

Security researchers have found several popular Android phones can be tricked into snooping on their owners by exploiting a weakness that gives accessories access to the phone’s underlying baseband software.

Attackers can use that access to trick vulnerable phones into giving up their unique identifiers, such as their IMEI and IMSI numbers, downgrade a target’s connection in order to intercept phone calls, forward calls to another phone or block all phone calls and internet access altogether.

The research, shared exclusively with TechCrunch, affects at least 10 popular Android devices, including Google’s Pixel 2, Huawei’s Nexus 6P and Samsung’s Galaxy S8+.

The vulnerabilities are found in the interface used to communicate with the baseband firmware, the software that allows the phone’s modem to communicate with the cell network, such as making phone calls or connecting to the internet. Given its importance, the baseband is typically off-limits from the rest of the device, including its apps, and often come with command blacklisting to prevent non-critical commands from running. But the researchers found that many Android phones inadvertently allow Bluetooth and USB accessories — like headphones and headsets — access to the baseband. By exploiting a vulnerable accessory, an attacker can run commands on a connected Android phone. [read more]