Vulnerability Found In Major Manufacturers Of Android Phones 

September 7, 2018

Written by wukovits

Researchers operating out of the University of Florida, Stony Brook University and Samsung Research America have made a disturbing discovery. Millions of Android smartphones manufactured by eleven different OEMs (Original Equipment Manufacturers) were found to be vulnerable to attack via AT Commands.

If you’re not sure what an “AT Command” is, you’re not alone. Part of the Hayes Command Set, ATtention Commands were developed in the early 1980s and designed to be transmitted via phone lines to issue commands to modems.

Most people aren’t even aware of the fact that their high-tech smartphones contain a basic modem within them, which allows the high-tech wonder to connect to the internet. While AT Commands have been standardized, many vendors have added custom AT Commands to their devices, and unfortunately, these commands can control a surprising variety of advanced features including the built-in camera and the touchscreen interface.

The AT Commands can be accessed via the phone’s USB interface. This means that a would-be attacker would have to gain physical access to the device, or place a malicious component inside a user’s charger, charging station, or USB dock.

Once a hacker is connected in this manner to the victim’s phone, he could use one of the AT Commands to steal data, unlock the screen, mimic touchscreen events, or even rewrite the phone’s firmware.

The research team has complied a database of phone models and firmware versions that are vulnerable to this type of attack. They have contacted all the vendors, and are continuing their testing.

Initially, the team tested AT Commands via the USB interface. Phase two of the research will test to see if those commands can be issued via WiFi or Bluetooth connections. The team has also published the Shell script they used in their original testing, available on GitHub.

So far, none of the OEMs contacted have released any information or given a timetable for a fix.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon