HackRead

Samsung Galaxy Phones Prone to Hacking via USB Cable even if Locked

April 15th, 2016, by Waqas. Categories: Privacy, Security

On various Samsung Galaxy devices, it is possible to send AT commands over a USB cable. The most startling fact is that this works even if the device is locked.

You might be thinking that this is not a serious issue. But think again… don’t we leave our phones on our desks, assuming that no one can access them because they are locked? Now do you understand the gravity of the issue?

According to security gurus Roberto Paleari and Aristide Fattori, affected devices that are connected to a computer via USB expose a serial interface that is linked directly to the USB modem. Older devices, such as the Samsung S4 Mini with build I9192XXUBNB1, expose it automatically, while newer versions need to be forced to do so. In either scenario, the result is the same whether the phone is locked or unlocked.

The researchers believe that “this communication channel is active even when both USB tethering and USB debugging (i.e., ADB) are disabled, and can be accessed even when the device is locked. An attacker who gains physical access to a (possibly locked) device can thus use this interface to send arbitrary AT commands to the modem. This permits to perform several actions that should be forbidden by the lock mechanism, including placing phone calls or sending SMS messages.”

In older versions, the smartphone only has to be plugged into a Linux host, where it shows up as a USB serial modem. It thus becomes accessible through the corresponding Linux device, such as /dev/ttyACM0. Once the connection is established, AT commands can easily be sent and the attacker may conduct a series of operations to exploit the device. For example, the AT+USBDEBUG command can be used to enable USB debugging, and AT+WIFIVALUE can be used to enable the wireless network.

List of vulnerable devices:

SM-G920F, build G920FXXU2COH2 (Galaxy S6)
SM-N9005, build N9005XXUGBOK6 (Galaxy Note 3)
GT-I9192, build I9192XXUBNB1 (Galaxy S4 mini)
GT-I9195, build I9195XXUCOL1 (Galaxy S4 mini LTE)
GT-I9505, build I9505XXUHOJ2 (Galaxy S4)

To analyze and prove that the attack is possible, the security experts also developed a proof-of-concept.

Samsung lock bypass(vanilla fw,no other apps).Simple trick,no ninja exploit.Not sure if bug or feature /cc @joystick pic.twitter.com/xsQ3NkghVS

— Roberto Paleari (@rpaleari) December 10, 2015

On several Samsung phone models, unprivileged applications can perform "stealth calls" (i.e., with no visible clue) pic.twitter.com/cMJWcqZ0yg

— Roberto Paleari (@rpaleari) February 22, 2016

They acknowledged in their write-up that: “For our PoC we developed a very rough C tool, USB switcher, that switches any attached Samsung device to USB configuration #2 (this is fine for the devices we tested, but your mileage might vary). The tool uses libusb to do the job, but the same task can probably be accomplished using the /sys/bus/usb pseudo-filesystem.”

“The trick we used to force the phone to switch the configuration is to first reset the USB device (via usb_reset()), and then switching the configuration (via usb_set_configuration()). Sometimes it doesn’t work on the first try, so just run Usb switcher twice to ensure the configuration is switched properly :-)”

The technique for exploiting newer devices is a bit more complex. The researchers explain that exploiting this sort of vulnerability in newer smartphones or firmware versions, such as the Samsung S4 and S6, isn’t that easy and straightforward because “in the default configuration, when the device is connected it exposes to the host only an MTP interface, used for file transfer.”

But the experts identified that the modem can still be accessed by an attacker simply by: “switching to secondary USB configuration. As an example, consider our test Galaxy S6 device. When USB debugging is off, the device exposes two USB configurations, with the CDC ACM modem accessible via configuration number 2.”

In case you are wondering how an attacker can benefit from this trick: access to the modem allows attackers to send text messages and make phone calls even if the device is locked. For example, the AT command ATD+123456 will call +123456.
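Whether a device advertises a modem in a secondary USB configuration, as described for the Galaxy S6 above, can be checked from its descriptors alone, without sending anything to the modem. The following is an added example, not code from the researchers' write-up or PoC: it walks raw USB descriptors (for instance a Linux sysfs "descriptors" file, an assumption about the host) and reports which configurations contain a CDC ACM interface; the sample bytes and helper names are constructed for illustration.

```python
import sys

DT_CONFIG, DT_INTERFACE = 0x02, 0x04
CDC_COMM, CDC_ACM = 0x02, 0x02  # USB CDC class: Communications / Abstract Control Model

def walk_descriptors(blob):
    """Yield (bDescriptorType, raw bytes) for each descriptor in a concatenated blob."""
    pos = 0
    while pos < len(blob):
        length = blob[pos]
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        yield blob[pos + 1], blob[pos:pos + length]
        pos += length

def acm_interfaces(blob):
    """Map bConfigurationValue -> interface numbers that are CDC ACM modems."""
    found, cfg = {}, None
    for dtype, desc in walk_descriptors(blob):
        if dtype == DT_CONFIG and len(desc) >= 9:
            cfg = desc[5]                                  # bConfigurationValue
        elif dtype == DT_INTERFACE and len(desc) >= 9 and cfg is not None:
            if (desc[5], desc[6]) == (CDC_COMM, CDC_ACM):
                found.setdefault(cfg, []).append(desc[2])  # bInterfaceNumber
    return found

# --- Constructed sample descriptors (hypothetical, not captured from a real phone) ---
def interface(number, cls, sub, proto):
    return bytes([9, DT_INTERFACE, number, 0, 0, cls, sub, proto, 0])

def config(value, interfaces):
    body = b"".join(interfaces)
    total = 9 + len(body)
    return bytes([9, DT_CONFIG, total & 0xFF, total >> 8,
                  len(interfaces), value, 0, 0x80, 250]) + body

DEVICE = bytes([18, 1, 0x00, 0x02, 0, 0, 0, 64, 0, 0, 0, 0, 0, 1, 1, 2, 3, 2])
MTP = (0x06, 0x01, 0x01)  # still-image/PTP class triple commonly used for MTP
SAMPLE = (DEVICE
          + config(1, [interface(0, *MTP)])
          + config(2, [interface(0, *MTP), interface(1, CDC_COMM, CDC_ACM, 0x01),
                       interface(2, 0x0A, 0x00, 0x00)]))  # 0x0A = CDC Data

if __name__ == "__main__":
    # With an argument, read a raw descriptor dump, e.g. a sysfs "descriptors" file.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for cfg, ifaces in sorted(acm_interfaces(blob).items()):
        print(f"configuration {cfg}: CDC ACM modem on interface(s) {ifaces}")
```

A non-empty result for a device whose default configuration offers only MTP is the condition the researchers describe; it is worth recording per model and build when testing handsets.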

Waqas Amir is a UK-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.