Saturday, April 23, 2016

Samsung Galaxy Phones Prone to Hacking via USB Cable even if Locked 

On various Samsung Galaxy devices, it is possible to send AT commands over a USB cable. The most startling fact is that this is possible even if the device is locked.

You might be thinking that this is not a serious issue. But think again: don't we leave our phones on our desks, assuming that because they are locked no one can access them? Now do you understand the gravity of the issue?

According to security gurus Roberto Paleari and Aristide Fattori, affected devices that we connect to our computers via USB expose a serial interface that is linked directly to the USB modem. Older devices such as the Samsung S4 Mini with build I9192XXUBNB1 expose this interface automatically, while newer versions need to be forced into doing so. In either scenario, the result is the same whether the phone is locked or unlocked.
The researchers believe that “this communication channel is active even when both USB tethering and USB debugging (i.e., ADB) are disabled, and can be accessed even when the device is locked. An attacker who gains physical access to a (possibly locked) device can thus use this interface to send arbitrary AT commands to the modem. This permits to perform several actions that should be forbidden by the lock mechanism, including placing phone calls or sending SMS messages.”
On older versions, the smartphone only has to be plugged into a Linux host, where it appears as a USB serial modem. It thus becomes accessible through the corresponding Linux device, such as /dev/ttyACM0. Once the connection is established, AT commands can easily be sent and an attacker can carry out a series of operations against the device. For example, the AT+USBDEBUG command can be used to enable USB debugging, and AT+WIFIVALUE can be used to enable the wireless network.
List of vulnerable devices:
SM-G920F, build G920FXXU2COH2 (Galaxy S6)
SM-N9005, build N9005XXUGBOK6 (Galaxy Note 3)
GT-I9192, build I9192XXUBNB1 (Galaxy S4 mini)
GT-I9195, build I9195XXUCOL1 (Galaxy S4 mini LTE)
GT-I9505, build I9505XXUHOJ2 (Galaxy S4)
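
A host-side audit of the exposure described above, as an added example that is not from the original post or the researchers: it walks raw USB descriptors, as Linux publishes them in sysfs, and reports interfaces that advertise the CDC ACM modem class. It assumes the phone's modem interface is CDC ACM, which is the class behind /dev/ttyACM0 nodes; the sample bytes, the product ID and the function names are constructed for illustration.

```python
import glob
import os
import struct

DT_DEVICE, DT_INTERFACE = 0x01, 0x04            # USB descriptor type codes
CDC_COMM, CDC_ACM, PROTO_AT_V250 = 0x02, 0x02, 0x01  # CDC class / subclass / protocol

def find_acm_interfaces(blob):
    """Walk a raw descriptor blob; return one dict per CDC ACM interface."""
    hits, vid_pid, pos = [], None, 0
    while pos + 2 <= len(blob):
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            break  # malformed or truncated descriptor: stop instead of looping
        body = blob[pos:pos + length]
        if dtype == DT_DEVICE and length >= 12:
            vid_pid = struct.unpack_from("<HH", body, 8)  # idVendor, idProduct
        elif dtype == DT_INTERFACE and length >= 9:
            num, _alt, _neps, cls, sub, proto = body[2:8]
            if cls == CDC_COMM and sub == CDC_ACM:
                hits.append({"vid_pid": vid_pid, "interface": num,
                             "at_commands": proto == PROTO_AT_V250})
        pos += length
    return hits

def scan_host(root="/sys/bus/usb/devices"):
    """Return {sysfs path: hits} for every attached device exposing CDC ACM."""
    found = {}
    for path in glob.glob(os.path.join(root, "*", "descriptors")):
        with open(path, "rb") as fh:
            hits = find_acm_interfaces(fh.read())
        if hits:
            found[path] = hits
    return found

# Constructed sample: device + configuration descriptors of a handset-like device.
SAMPLE = bytes([
    18, 1, 0x00, 0x02, 0, 0, 0, 64, 0xE8, 0x04, 0x34, 0x12, 0x00, 0x01, 1, 2, 3, 1,
    9, 2, 53, 0, 2, 1, 0, 0x80, 250,           # configuration, wTotalLength = 53
    9, 4, 0, 0, 1, 0x02, 0x02, 0x01, 0,        # interface 0: CDC ACM, AT commands
    5, 0x24, 0x00, 0x10, 0x01,                 # CDC header functional descriptor
    7, 5, 0x82, 0x03, 8, 0, 16,                # interrupt IN endpoint
    9, 4, 1, 0, 2, 0x0A, 0x00, 0x00, 0,        # interface 1: CDC data
    7, 5, 0x81, 0x02, 0x00, 0x02, 0,           # bulk IN endpoint
    7, 5, 0x01, 0x02, 0x00, 0x02, 0,           # bulk OUT endpoint
])

if __name__ == "__main__":
    print("sample:", find_acm_interfaces(SAMPLE))
    print("host:  ", scan_host())
```

Running the scan with a locked handset attached shows whether it still presents a modem interface to the host in that state.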

Source: https://www.hackread.com
