large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Pixel 2, S8 Plus and other Android phones are vulnerable to USB and Bluetooth attack, report claims

Popular Android devices can be tricked into spying on their owners via dodgy charging cables and Bluetooth speakers, according to researchers at two US universities.

Hackers can snoop on users by exploiting a weakness that gives USB and Bluetooth accessories access to the phone’s underlying software.

Related: Best smartphone

The vulnerability was revealed in a report by security researchers at Purdue University and the University of Iowa, and shared by TechCrunch.

According to TechCrunch, the issue can affect at least 10 Android phones, including the Google Pixel 2, the Huawei Nexus 6P, and the Samsung Galaxy S8 Plus.

These devices can be fooled into giving up unique identifiers such as IMEI and IMSI numbers, intercepting phone calls, forwarding calls to other phones and blocking phone calls and internet access altogether.

Attackers can do this by taking advantage of a flaw in the baseband firmware, which some Android phones give USB and Bluetooth accessories access to.

The researchers developed a tool to seek out commands and discovered “4 invalid AT command grammars over Bluetooth and 13 over USB with implications ranging from DoS, downgrade of cellular protocol version (e.g., from 4G to 3G/2G) to severe privacy leaks” which hackers could potentially access via budget Bluetooth connectors or malicious USB charging stations.

Related: Best Android phones

Luckily, the vulnerability doesn’t seem to affect any phones launched in the last year. The newest in the list are the Pixel 2 and the Galaxy S8 Plus, both of which were released in 2017. However, they’re both very big-name devices.

According to the report, Samsung has already begun to roll out patches to fix the error, while Google has said that “the issues reported are either in compliance with the Bluetooth specification or do not reproduce on Pixel devices with up to date security patches”.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.