USB Connection Vulnerabilities on Android Smartphones: Default and Vendors’ Customizations

  • André Pereira
  • Manuel Correia
  • Pedro Brandão
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8735)


We expose an USB vulnerability in some vendors’ customization of the android system, where the serial AT commands processed by the cellular modem are extended to allow other functionalities. We target that vulnerability for the specific vendor system and present a proof of concept of the attack in a realistic scenario environment. For this we use an apparently inoffensive smartphone charging station like the one that is now common at public places like airports. We unveil the implications of such vulnerability that culminate in flashing a compromised boot partition, root access, enable adb and install a surveillance application that is impossible to uninstall without re-flashing the android boot partition. All these attacks are done without user consent or knowledge on the attacked mobile phone.


Android Security USB vulnerability privileges escalation vendor vulnerabilities 


  1. 1.
    Android Pushes Past 80% Market Share While Windows Phone Shipments Leap 156.0% Year Over Year in the Third Quarter, According to IDC - prUS24442013,
  2. 2.
    Wu, L., Grace, M., Zhou, Y., Wu, C., Jiang, X.: The impact of vendor customizations on android security. In: Proc. 2013 ACM SIGSAC Conf. Comput. Commun. Secur., CCS 2013, pp. 623–634 (2013)Google Scholar
  3. 3.
    Technical Specification Group Terminals: AT command set for 3GPP User Equipment (UE) (3G TS 27.007 version 2.0.0) 4, 17–18 (1999)Google Scholar
  4. 4.
    Mulliner, C., Liebergeld, S., Lange, M., Seifert, J.-P.: Taming Mr Hayes: Mitigating signaling based attacks on smartphones. In: IEEE/IFIP Int. Conf. Dependable Syst. Networks (DSN 2012), pp. 1–12 (2012)Google Scholar
  5. 5.
    Singh, A.J., Bhardwaj, A.: Android Internals and Telephony. Int. J. Emerg. Technol. Adv. Eng. 4, 51–59 (2014)Google Scholar
  6. 6.
    Module, H.: Android RIL Integration Guide- Huawei (2014)Google Scholar
  7. 7.
    Odin 3.09 - Odin download with Samsung ROM Flashing Tool,
  8. 8.
    Heimdall | Glass Echidna,
  9. 9.
    Security Enhancements in Android 4.3 | Android Developers,
  10. 10.
    Android Debug Bridge | Android Developers,
  11. 11.
    Vidas, T., Cylab, E.C.E., Votipka, D., Cylab, I.N.I., Christin, N.: All Your Droid Are Belong To Us: A Survey of Current Android Attacks. In: WOOT (2011)Google Scholar
  12. 12.
    SuperOneClick Root v2.3.3,
  13. 13.
  14. 14.
    pywinauto - Windows GUI automation using Python - Google Project Hosting,
  15. 15.
    Hoog, A.: Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Elsevier (2011)Google Scholar
  16. 16.
  17. 17.
  18. 18.
  19. 19.
    Gargenta, M.: Learning Android. O’Reilly Media, Inc. (2011)Google Scholar
  20. 20.

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • André Pereira
    • 1
  • Manuel Correia
    • 1
  • Pedro Brandão
    • 2
  1. 1.Center for Research in Advanced Computing Systems (CRACS-INESC LA)Portugal
  2. 2.Instituto de Telecomunicações, FCUP/UPPortugal

Personalised recommendations