USB Connection Vulnerabilities on Android Smartphones: Default and Vendors' Customizations
نویسندگان
چکیده
We expose an USB vulnerability in some vendors’ customization of the android system, where the serial AT commands processed by the cellular modem are extended to allow other functionalities. We target that vulnerability for the specific vendor system and present a proof of concept of the attack in a realistic scenario environment. For this we use an apparently inoffensive smartphone charging station like the one that is now common at public places like airports. We unveil the implications of such vulnerability that culminate in flashing a compromised boot partition, root access, enable adb and install a surveillance application that is impossible to uninstall without re-flashing the android boot partition. All these attacks are done without user consent or knowledge on the attacked mobile phone.
منابع مشابه
New acquisition method based on firmware update protocols for Android smartphones
Android remains the dominant OS in the smartphone market even though the iOS share of the market increased during the iPhone 6 release period. As various types of Android smartphones are being launched in the market, forensic studies are being conducted to test data acquisition and analysis. However, since the application of new Android security technologies, it has become more difficult to acq...
متن کاملSecurity Enhancement of Android USB Debugging Mode
Till today, there are more than 1 billion smartphone users worldwide. With smartphones become more popular, more security instances have been reported. Therefore, it is important to study the security issues of smartphones and develop effective approaches to safeguard them. This research is focused on Android based systems, in particular, the security of Android Debug Bridge (ADB). As an import...
متن کاملfastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations
We discuss the fastboot interface of the Android bootloader, an area of fragmentation in Android devices. We then present a variety of vulnerabilities we have found across multiple Android devices. Most notable ones include Secure Boot & Device Locking bypasses in the Motorola and OnePlus 3/3T bootloaders. Another critical flaw in OnePlus 3/3T enables easy attacks by malicious chargers – the on...
متن کاملThe Android Update Problem: An Empirical Study
Many phone vendors use Android as their underlying OS, but often extend it to add new functionality and to make it compatible with their specific phones. When a new version of Android is released, phone vendors need to merge or re-apply their customizations and changes to the new release. This is a difficult and time-consuming process, which often leads to late adoption of new versions. In this...
متن کاملA Critical Evaluation of Vulnerabilities in Android OS: (Forensic Approach)
The Android platform is an open source operating system, which is widely used on Smartphones. Android operating system usage and adaptation is rapidly increasing with a variety of applications. It also, allows developers to freely access and modifies source code. The open nature of the Android platform attracts attackers to do different types of criminal activities. The android users likely to ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014