Pixel 2, S8 Plus and other Android phones are vulnerable to USB and Bluetooth attack, report claims
Popular Android devices can be tricked into spying on their owners via dodgy charging cables and Bluetooth speakers, according to researchers at two US universities.
Hackers can snoop on users by exploiting a weakness that gives USB and Bluetooth accessories access to the phone’s underlying software.
Related: Best smartphone
The vulnerability was revealed in a report by security researchers at Purdue University and the University of Iowa, and shared by TechCrunch.
According to TechCrunch, the issue can affect at least 10 Android phones, including the Google Pixel 2, the Huawei Nexus 6P, and the Samsung Galaxy S8 Plus.
These devices can be fooled into giving up unique identifiers such as IMEI and IMSI numbers, intercepting phone calls, forwarding calls to other phones and blocking phone calls and internet access altogether.
Attackers can do this by taking advantage of a flaw in the baseband firmware, which some Android phones give USB and Bluetooth accessories access to.
The researchers developed a tool to seek out commands and discovered “4 invalid AT command grammars over Bluetooth and 13 over USB with implications ranging from DoS, downgrade of cellular protocol version (e.g., from 4G to 3G/2G) to severe privacy leaks” which hackers could potentially access via budget Bluetooth connectors or malicious USB charging stations.
Related: Best Android phones
Luckily, the vulnerability doesn’t seem to affect any phones launched in the last year. The newest in the list are the Pixel 2 and the Galaxy S8 Plus, both of which were released in 2017. However, they’re both very big-name devices.
According to the report, Samsung has already begun to roll out patches to fix the error, while Google has said that “the issues reported are either in compliance with the Bluetooth specification or do not reproduce on Pixel devices with up to date security patches”.