Creating and sharing knowledge for telecommunications

USB connection vulnerabilities on Android smartphones: default and vendors’ customizations

Pereira, A. P. ; Correia, E.Correia ; Brandão, P.

USB connection vulnerabilities on Android smartphones: default and vendors’ customizations, Proc IFIP TC6 and TC11 Joint IFIP TC6 and TC11 Conf. on Communications and Multimedia Security - CMS, Aveiro, Portugal, Vol. NA, pp. NA - NA, September, 2014.

Digital Object Identifier: 10.1007/978-3-662-44885-4_2

Abstract
We expose an USB vulnerability in some vendors’ customization of the android system, where the serial AT commands processed by the cellular modem are ex-tended to allow other functionalities. We target that vulnerability for the specific vendor system and present a proof of concept of the attack in a realistic scenario environment. For this we use an apparently inoffensive smartphone charging sta-tion like the one that is now common at public places like airports. We unveil the implications of such vulnerability that culminate in flashing a compromised boot partition, root access, enable adb and install a surveillance application that is im-possible to uninstall without re-flashing the android boot partition. All these at-tacks are done without user consent or knowledge on the attacked mobile phone.