By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. AT (ATtention) commands or the Hayes command set, is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT command strings can be merged together to tell a modem to dial, hang up, or change connection parameters. Unknown to the common user is that modern smartphones include a basic modem component inside them, which allows the smartphone to connect to the Internet via its telephony function, and more. While international telecommunications bodies have standardized basic AT commands, dictating a list that all smartphones must support, vendors have also added custom AT command sets to their own devices —commands which can control some pretty dangerous phone features such as the touchscreen interface, the device's camera, and more. In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands are currently supported on modern Android devices. The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE. They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions. Videos and more are posted on OUR FORUM.