DEV Community

Juha Autero
Juha Autero

Posted on

Attacking phone through BT headset

I sometimes have these security research project ideas. They are too long to rweet and I'm not on security forums where to post them. Since this is my software engineering blog, I will post them here.

As I was charging my Bluetooth headset, I remembered how you shouldn't use unknown USB ports to charge your devices or at least use charging cable that doesn't have USB pins connected. In this case I was using USB charger connected to wall socket. If I don't trust that charger, I shouldn't use it at all. (Interesting side note: If you don't trust Huawei, why do you trust cheap Chinese bulk manufacturers?)

But it's just a headset, right? What use attacker could possibly have by compromising it? Well, the headset interacts with phone through bluetooth. It could attack the phone by using vulnerability in its bluetooth stack. That could be an interesting project. Write a PoC that uses vulnerability in headset's USB stack to inject code that uses vulnerability in phone's BT stack to inject code into phone.

I would use cheap headset because you probably need to take it a part to find out the hhardware and software it uses. Cheap headsets also are more likely to have poor security.

Top comments (3)

Collapse
 
jrezzende profile image
jrezzende

Looking forward to see this

Collapse
 
jcsvveiga profile image
João Veiga • Edited

Do it meme

Collapse
 
jautero profile image
Juha Autero

This Hackaday article seems helpful in further investigation.