loading...

Attacking phone through BT headset

jautero profile image Juha Autero ・1 min read

I sometimes have these security research project ideas. They are too long to rweet and I'm not on security forums where to post them. Since this is my software engineering blog, I will post them here.

As I was charging my Bluetooth headset, I remembered how you shouldn't use unknown USB ports to charge your devices or at least use charging cable that doesn't have USB pins connected. In this case I was using USB charger connected to wall socket. If I don't trust that charger, I shouldn't use it at all. (Interesting side note: If you don't trust Huawei, why do you trust cheap Chinese bulk manufacturers?)

But it's just a headset, right? What use attacker could possibly have by compromising it? Well, the headset interacts with phone through bluetooth. It could attack the phone by using vulnerability in its bluetooth stack. That could be an interesting project. Write a PoC that uses vulnerability in headset's USB stack to inject code that uses vulnerability in phone's BT stack to inject code into phone.

I would use cheap headset because you probably need to take it a part to find out the hhardware and software it uses. Cheap headsets also are more likely to have poor security.

Posted on Dec 23 '19 by:

Discussion

markdown guide