USB Connection Vulnerabilities on Android Smartphones: Default and Vendors’ Customizations

Abstract: We expose a USB vulnerability in some vendors’ customization of the Android system, where the serial AT commands processed by the cellular modem are extended to allow other functionalities. We target that vulnerability for the specific vendor system and present a proof of concept of the attack in a realistic scenario. For this we use an apparently inoffensive smartphone charging station, like those now common in public places such as airports. We unveil the implications of this vulnerability, which culminate in flashing a compromised boot partition, gaining root access, enabling adb and installing a surveillance application that is impossible to uninstall without re-flashing the Android boot partition. All these attacks are carried out without the user's consent or knowledge on the attacked mobile phone.
Document type:
Conference paper
Bart Decker; André Zúquete. 15th IFIP International Conference on Communications and Multimedia Security (CMS), Sep 2014, Aveiro, Portugal. Springer, Lecture Notes in Computer Science, LNCS-8735, pp.19-32, 2014, Communications and Multimedia Security. 〈10.1007/978-3-662-44885-4_2〉
Cited literature [9 references]

https://hal.inria.fr/hal-01404182
Contributor: Hal Ifip
Submitted on: Monday, 28 November 2016 - 14:45:41
Last modified on: Monday, 28 November 2016 - 14:59:37

File

978-3-662-44885-4_2_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

André Pereira, Manuel Correia, Pedro Brandão. USB Connection Vulnerabilities on Android Smartphones: Default and Vendors’ Customizations. Bart Decker; André Zúquete. 15th IFIP International Conference on Communications and Multimedia Security (CMS), Sep 2014, Aveiro, Portugal. Springer, Lecture Notes in Computer Science, LNCS-8735, pp.19-32, 2014, Communications and Multimedia Security. 〈10.1007/978-3-662-44885-4_2〉. 〈hal-01404182〉

Metrics

Record views

58

File downloads

33