Slashdot Mirror
Smartphones From 11 OEMs, Including Google, Samsung, HTC, Lenovo and Sony, Vulnerable To Attacks Via Hidden AT Commands (bleepingcomputer.com)
An anonymous reader writes: In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands, or the Hayes command set, are currently supported on modern Android devices.
The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE. They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions. These AT commands are all exposed via the phone's USB interface, meaning an attacker would have to either gain access to a user's device, or hide a malicious component inside USB docks, chargers, or charging stations. Once an attacker is connected via the USB to a target's phone, s/he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.
The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE. They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions. These AT commands are all exposed via the phone's USB interface, meaning an attacker would have to either gain access to a user's device, or hide a malicious component inside USB docks, chargers, or charging stations. Once an attacker is connected via the USB to a target's phone, s/he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.
I don't know if anyone of you are into Arduino?
But it's been common knowledge for years now that you can purchase chips complete with IMEI number, multi-band RX/TX, fully featured with data, phone, simcard reader (just solder directly to pins!) mic in/speaker out pins, and the commands you send to it is via normal serial connections, you can use AT commands just like on an old HAYES(tm) modem.
The ones on ebay are often batches from really old cellphones, but very simple to code as you basically can do this just by interfacing them with an USB to SERIAL adapter, and then you can in fact use them just as a regular cellphone. I have a bunch of such chips in my drawer, let me give you some numbers for fun so you can find out for yourself, it's really an open door, surprising that so few know this, here's some numbers: NEOWAY M590E and another: SIM800L, if you google the first - you'll find tons of coding examples (which is so easy a 12 year old can figure it out), and instructional videos. The chips are often found complete with DIY PCB's someone put together as a kit out there, or presoldered, usually around 2-3 dollars, what a world we live in.
And yes, these can be wired up to become your own cellphone, simple, or smart (use an raspberry pi with a touch screen, load it up with an OS, your choice). And a little software magic aka amateur hour - and you're done.
A lot of devs, have done the same thing, it's a lot easier and a LOT more accessible to construct your own phone, than most people even dare to dream of.
What this world is coming to - is for you and me to decide.
Holy crap! I haven't used AT commands since I got rid of my external modem in the dial up internet days. Started with a 2400bps, then 9600, 33k, and 56k. When I went to 1.5meg DSL then to a whopping 3-6 meg, thought it couldn't get any better LOL. AT commands...there's a walk down memory lane!