DEV Community

loading...

Attacking phone through BT headset

jautero profile image Juha Autero ・1 min read

I sometimes have these security research project ideas. They are too long to rweet and I'm not on security forums where to post them. Since this is my software engineering blog, I will post them here.

As I was charging my Bluetooth headset, I remembered how you shouldn't use unknown USB ports to charge your devices or at least use charging cable that doesn't have USB pins connected. In this case I was using USB charger connected to wall socket. If I don't trust that charger, I shouldn't use it at all. (Interesting side note: If you don't trust Huawei, why do you trust cheap Chinese bulk manufacturers?)

But it's just a headset, right? What use attacker could possibly have by compromising it? Well, the headset interacts with phone through bluetooth. It could attack the phone by using vulnerability in its bluetooth stack. That could be an interesting project. Write a PoC that uses vulnerability in headset's USB stack to inject code that uses vulnerability in phone's BT stack to inject code into phone.

I would use cheap headset because you probably need to take it a part to find out the hhardware and software it uses. Cheap headsets also are more likely to have poor security.

Discussion (3)

pic
Editor guide
Collapse
jrezzende profile image
jrezzende

Looking forward to see this

Collapse
jcsvveiga profile image
Collapse
jautero profile image
Juha Autero Author

This Hackaday article seems helpful in further investigation.