Windows 10 News and info | Forum
April 26, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Smartphones From 11 OEMs Vulnerable to Attacks via Hidden AT Commands  (Read 93 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 29943

I Do Windows

WWW Email
« on: August 25, 2018, 06:44:40 PM »

Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered.

AT (ATtention) commands or the Hayes command set is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT command strings can be merged together to tell a modem to dial, hang up, or change connection parameters.

Unknown to the common user is that modern smartphones include a basic modem component inside them, which allows the smartphone to connect to the Internet via its telephony function, and more.

While international telecommunications bodies have standardized basic AT commands, dictating a list that all smartphones must support, vendors have also added custom AT command sets to their own devices —commands which can control some pretty dangerous phone features such as the touchscreen interface, the device's camera, and more.

Researchers analyzed thousands of Android firmware images

In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands are currently supported on modern Android devices.

The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE.

They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions.

Some phones expose AT commands via their USB interface

These AT commands are all exposed via the phone's USB interface, meaning an attacker would have to either gain access to a user's device, or hide a malicious component inside USB docks, chargers, or charging stations.

Once an attacker is connected via the USB to a target's phone, he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.

In the happiest cases, these AT commands are only available only when the phone's USB debugging function has been enabled, but researchers said they found many devices where attackers had direct access to AT commands, even if the phone had entered a locked state.

"In many cases, these commands are completely undocumented," said Kevin Butler, an associate professor in the University of Florida Herbert Wertheim College of Engineering and a member of the research team, revealing that an OEM's documentation doesn't even mention their presence.

The two videos below provide a simple explanation for AT-based attacks, but also a demo attack against an LG smartphone found to expose many internal phone functions via AT commands.

Preventing Smartphone Hacking

AT Command Injection on the LG G4 Smartphone

The biggest danger, as shown in the videos above, is an attacker's ability to mimic touchscreen taps, allowing an intruder to take full control over a device and install malicious apps for further surveillance.

"It's essentially like having a ghost user on your phone," Butler said.

Phone vendors have been notified

The research team says it notified all vendors which they found to be exposing AT commands via their phones' USB interface. They also published a website containing a database of phone models and firmware versions that they found exposing the AT interface.

Researchers only tested access to the AT command set on Android devices via the USB interface. They also plan on testing Apple devices, but also if AT commands are available via remote access vectors such as a phone's WiFi or Bluetooth connections.

The team also published a Shell script that they used during their research to examine Android firmware and find strings containing AT commands. The script is available on GitHub.

This is not the first work of its kind. It's been known for many years that Android devices are vulnerable to attacks carried out via AT commands, but this research is the most comprehensive to date.

More details about this research are available in a research paper entitled "ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem." Researchers presented their white paper at the Usenix Security Symposium held in Baltimore, the USA in mid-August.

« Last Edit: August 25, 2018, 06:46:56 PM by javajolt » Logged

Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page April 10, 2019, 12:50:23 PM