How is it possible to hack/ steal the data of a stranger's android phone by holding it by hand for a while?



  • Several years ago I saw in my university a demonstration that someone wearing a special finger ring can transfer the data of a stranger's (android) phone to somewhere without the owner of the phone knowing anything. How is it possible?

    Is it possible to somehow check whether a phone is compromised in some way in this way?



  • Over the years there were some vulnerabilities affecting the Android Bluetooth stack (some times on all devices, some times only on devices with a specific chipset). If the vulnerability allows remote code execution then this can lead to information extraction.

    Technically a vulnerability in the NFC stack could also allow an attack as described in the question. But the NFC stack is much more simple which makes vulnerabilities less likely.

    If that special finger ring contained a Bluetooth chip triggering such a vulnerability it could make the phone to execute code that connects to a server on the internet, receive more code from this server and then allow to remotely control the phone.

    Once such vulnerabilities are found and reported to the device/chip manufacturer they usually get fixed. The main problem is that the number of used Android devices that receive regular updates is too low. Some devices never get security updates, some only every few months and the period all devices are getting updates as still shorter than people are using their devices.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2