Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
August 26, 2018 07:11 pm

Smartphones From 11 OEMs, Including Google, Samsung, HTC, Lenovo and Sony, Vulnerable To Attacks Via Hidden AT Commands

An anonymous reader writes: In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands, or the Hayes command set, are currently supported on modern Android devices. The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE. They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions. These AT commands are all exposed via the phone's USB interface, meaning an attacker would have to either gain access to a user's device, or hide a malicious component inside USB docks, chargers, or charging stations. Once an attacker is connected via the USB to a target's phone, s/he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.

at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/cDrScfKrm2M/smartphones-from-11-oems-including-google-samsung-htc-lenovo-and-sony-vulnerable-to-attack

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot