Where there’s an internet connection, there are clever hackers looking to exploit users. This isn’t just limited to computers — all our connected devices are at risk.
Mobile phone hacks, for the most part, have been limited to malware that fills your phone with ads or software that spies on you. Click or tap to learn about another massive hack that’s been targeting iPhones for years.
These methods rely on tricking users into downloading the offending software because, until now, it’s been too difficult to hack phones remotely. But all that has changed thanks to a discovery by security researchers at Purdue University.
Hackers can access the phone’s direct connection to its carrier — opening the doors for stronger spying and service shutdowns. If you use an Android phone, here’s what you need to know about this scary new security vulnerability.
Android exploit grants hackers access to your phone’s baseband
According to an exclusive report from TechCrunch, security researchers at Purdue University and the University of Iowa have discovered a security flaw that can allow hackers to access one of the deepest parts of an Android phone: the baseband. This system is how a phone makes a connection to its carrier and is responsible for the voice and data networking of any smartphone.
By accessing the baseband of a phone, hackers can obtain unique device identifiers like the IMEI and IMSI numbers — long strings of numbers used during the activation process to tie you to your carrier.
With these numbers in hand, hackers can potentially intercept phone calls, forward calls to a different phone or completely block all calls and internet access.
The flaw itself comes from the way affected phones handle Bluetooth devices and USB accessories. The baseband system on a phone is usually inaccessible to users, but some Bluetooth and USB gadgets communicate with it to establish a connection.
The researchers speculate hackers armed with cheap Bluetooth devices could use this connection to intercept a nearby smartphone. Criminals can also use USB chargers to inject a malicious payload into a target phone.
The research team has pledged to present its findings to the public in the coming weeks. Meanwhile, Samsung has begun rolling out patches to affected models. Google says up-to-date Pixel devices shouldn’t be affected by the exploit. Apple claims its phones are not impacted, either. Huawei did not respond to TechCrunch’s request for comment.
Am I affected? What can I do?
The complete list of affected phones has not yet been disclosed. But the researchers revealed 10 popular Android devices are affected, including Google’s Pixel 2, Huawei’s Nexus 6P and Samsung’s Galaxy S8+.
If you have one of these phones or a similar model, your best bet is to keep your phone up to date with the latest firmware updates, as well as the latest version of Android.
To update, open the Settings app on your phone (the one with the gear-shaped icon). Near the bottom of the page you arrive at, tap on System, then tap Advanced and finally System Update. If you’re on an older version of Android, you can open Settings, then System and tap About this phone if you don’t see an option for Advanced.
Check for the latest update, and download it if it’s available. Be sure to follow any instructions that appear on your screen carefully, and stay plugged into power to prevent your device from powering off mid-update.