Q&A: Explaining how the Nexus One was used to take control of a host computer
Two researchers from George Mason University, Dr. Angelos Stavrou, and Zhaohui Wang, have demonstrated the ability to use a smartphone (a Nexus One, but Dr. Stavrou says this applies to the iPhone as well) as a HID (Human Input Device) via USB. Simply put, just plugging the phone into a computer causes it to act as a mouse or keyboard, with no server on the computer in question, and offers little or no warning on the computer screen.
Usually we would call something like this one one helluva cool hack, but there's a scary side, too. The exploit could be made viral, on Windows, Mac, and Linux. According to Dr. Stavrou;
That caught our attention, so we reached out to Dr. Stavrou, who was kind enough to answer a few questions for us. Read the rest, after the break. [CNet]
How is this different from existing applications that turn your Android smartphone into a HID via WiFi, Bluetooth, or USB?
Applications you download from the Android market that appear to do the same thing, require a server component to be installed on your computer. This exploit not only doesn't need input on the computer side, it also can pass itself on to the host computer, infecting it with the components needed to compromise the next phone you plug in.. Think when you plug your USB mouse into a computer -- the little pop-up you see in the system tray (Windows, Mac -- Linux gives no notification by default) is all the warning you'll get. A few seconds later the phone can control the computer, just like the "real" peripherals can.
Does your exploit disable screen locks on the affected computer?
This is relieving, but the guy at the airport that asks if he can charge his phone from your laptop could also (in theory) download and install something a good bit worse -- like a keylogger.
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
Does this exploit give any more power or tools to an attacker than the physical keyboard or mouse that's attached to the computer in question?
Things get a little hairy here. Your new airport buddy could also be grabbing, and analyzing your data by pretending to be a USB wireless card, or trying to run exploits against your computer OS. And finally, the coolest part of the exploit, but also the bit that's most interesting to Android fans;
USB host is cool to play with. Doing pointless, geeky things like having a 250 GB USB hard drive hooked up to your phone is part of the fun thing about having an Android phone. These fellows have went a step further and have one phone mounted as a USB device on the other phone. I know we're supposed to take this seriously, but guess what I'm going to try next time I have a bit of free time?
In all seriousness, any bit of code that runs on it's own and can transmit itself from one machine to another isn't a good thing. But this particular exploit requires you to have physical access to a computer, so it's use case isn't very broad. It's modifying the running kernel on your smartphone, so root privileges are needed to inject the code, and if you're rooted you should be using the Superuser.apk to warn you about that when it first happens. And since it is done over a USB cable, you're at most 3 feet from the actual keyboard and mouse. Don't let random strangers, goofy roommates, or ex-girlfriends use your USB connectors, and things will probably be OK.
Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.