Vulnerability Found In Major Manufacturers Of Android Phones 

September 7, 2018

Written by wukovits

vulnerability found in major manufacturers of android phonesResearchers operating out of the University of Florida, Stony Brook University and Samsung Research America have made a disturbing discovery. Millions of Android smartphones manufactured by eleven different OEMs (Original Equipment Manufacturers) were found to be vulnerable to attack via AT Commands.

If you’re not sure what an “AT Command” is, you’re not alone. Part of the Hayes Command Set, ATtention Commands were developed in the early 1980s and designed to be transmitted via phone lines to issue commands to modems.

Most people aren’t even aware of the fact that their high-tech smartphones contain a basic modem within them, which allows the high-tech wonder to connect to the internet. While AT Commands have been standardized, many vendors have added custom AT Commands to their devices, and unfortunately, these commands can control a surprising variety of advanced features including the built-in camera and the touchscreen interface.

The AT Commands can be accessed via the phone’s USB interface. This means that a would-be attacker would have to gain physical access to the device, or place a malicious component inside a user’s charger, charging station, or USB dock.

Once a hacker is connected in this manner to the victim’s phone, he could use one of the AT Commands to steal data, unlock the screen, mimic touchscreen events, or even rewrite the phone’s firmware.

The research team has complied a database of phone models and firmware versions that are vulnerable to this type of attack. They have contacted all the vendors, and are continuing their testing.

Initially, the team tested AT Commands via the USB interface. Phase two of the research will test to see if those commands can be issued via WiFi or Bluetooth connections. The team has also published the Shell script they used in their original testing, available on GitHub.

So far, none of the OEMs contacted have released any information or given a timetable for a fix.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...