
Submission + - Android Devices Can Be Hacked via New Headphones Attack

An anonymous reader writes: The Android Security Bulletin for March 2017 contains a bugfix for a unique security flaw exploitable via the headphones audio connector that could be leveraged to leak data from the device, break ASLR, reset phones to factory settings, or even access the Android HBOOT bootloader.

The attack is carried out via a modified UART cable connected to a headphones jack, which, if connected to a phone's audio connector, allows an attacker to start a FIQ debugger interface. This FIQ Debugger does not need a reboot to become active and is available and responsive to commands even if the Android OS is already up and running. This simplifies exploitation compared to similar multiplexed wired attacks. Furthermore, the FIQ debugger provides users access to a wealth of commands not available in most debuggers. Google rated the CVE-2017-0510 vulnerability as "Critical," its highest severity rating. Similar research was carried out in 2013, when a researcher accessed a phone's debugger via a USB cable without using the actual USB software.