Demonstrations at a Black Hat Conference shows how hackers can use Belkin WeMo IoT (Internet of Things) devices can hack Android smartphones.
IoT Devices Can Be Used to Hack Android Smartphones
The IoT is no longer just an example of easily hackable devices that can be used to inflict damage to other hosts. Hackers have demonstrated during the Black Hat Europe Conference in London that they can be used as tools themselves that can hack the most widely used smart device right now – the Android phone.
Security issues that are found in Belkin WeMo appliances, which range from cameras, light bulbs, coffee machines and others, have enabled the experts from Invincea Labs to use the smart devices to successfully hack and control Android devices.
This is actually the first time when we see IoT devices that are being used actively against Android devices. The way this works is by following this scenario
The hackers use a laptop computer that is connected to the same Wi-Fi network where the Belkin WeMo devices operate. They craft packets using the UpnP (Universal Plug and Play) protocol which is used to control the devices. The packets contain web requests that interact with specific URL addresses that are enabled on the IoT appliances. The malicious instructions modify the way they work by exploiting their weakened security. For example one of the packets changes the name that the victim devices uses in communication with the network.
The way this hacks the Android devices is by using these devices as a man-in-the middle position. The WeMo appliance is controlled via the Android devices using a remote control application. One of the main variables that identify the device and its intended behavior is by the string that is manipulated by the hackers.
If the name of the device is changed to a malicious string, then it is executed on the Android devices. This in essense is the hack. This simple technique can lead to several malicious scenarios:
- Arbitrary Code Execution – The hackers make the Android device execute the injected malicious string
- Payload Delivery – HTTP GET requests can be used to download viruses, Trojans and other malware to the device
The Extent of The Damage To The Hacked Android Devices
The security researchers demonstrated that such crafted packets can download all photographs taken by the phone’s camera and upload them to remote server. Location data can also be downloaded in real time which allows for tracking the phone in real time.
The demonstrated attack can compromise only the services to which the WeMo control application has privileges. Its developers have enabled the app to access the telephone, camera, location and storage options.
The demonstration has shown that the attackers can access and manipulate the data even while the WeMo app is running in the background. The only way to get rid of an active exploit is by force quitting it from the system menu. The security experts propose that it might be possible to carry out this attack from Belkin’s cloud network.