Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Phones from 11 manufacturers may be attacked by hidden AT commands
Researchers have found that millions of mobile devices come from 11 smartphone manufacturers that can be attacked by AT commands.
The AT (ATention) or Hayes script, which consists of short string commands, has been developed since the early 1980s for transmission over telephone lines and modem control.Different AT commands can be combined to tell the modem to call, hold or change connection parameters.
A team of researchers from the University of Florida, Stony Brook and Samsung Research America have found out which AT command is currently supported on Android devices.Analysis of more than 2,000 Android firmware from 11 OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony and ZTE, they found that these devices support more than 3,500 AT command types, some of them have potential risks.
These AT commands are likely to be attacked via USB interface, when an attacker takes over the device or hides malicious code inside the dock or charging station.When connected, an attacker can use the secret AT command to rewrite the device's firmware, bypass Android's security mechanism, get important information .
In the best case, AT commands will only work when USB Debugging is turned on, but on many devices, the attacker can directly access the AT command even though the device is locked.Sometimes OEMs do not mention these commands.
Below is a video describing the actual attack on LG G4
As the video above, the most dangerous is when an attacker can mimic the touch screen, take full control of the device, install a malicious application to continue monitoring.
Phone manufacturers have been notified of the AT attack capability via the phone's USB interface.They also posted a website of phone models and a firmware version that could be hacked.
After checking the AT commands on the Android device via USB interface, researchers will also work on Apple devices, but only if the AT command can be used via remote access connections such as WiFi. or Bluetooth.
Site list of devices and firmware https://atcommands.org/atdb/vendors
See more:
- Fortnite for Android has a security vulnerability
- Android collects user data even when the device is not 50 times more than iOS
- 5 types of malware on Android
Jessica TannerYou should read it
- A serious security error appeared on Android that allowed hackers to control smartphones through a photo
- Set up, control new Android TV Box faster thanks to Android TV Remote Control
- Detect new malicious code to attack Android device
- Tips for Controlling Android Devices from Another Android Device
- Good tips for Android devices
- Vulnerabilities in Android allow malware to read device information even without permission
- Android apps used by the US military in combat have security holes
- Google patched 17 security holes in May's Android update
- Settings that help improve the security of your Android device
- Android SDK - Download Latest Android SDK
- What else do you not know about Android TV?
- Phones using Viber can be attacked
Maybe you are interested
Basic Linux commands everyone needs to know - Operations on Linux are much faster
Empire commands, command codes for playing Age of Empires
Top 21 ADB commands Android users should know
Certain commands you must know when using Windows Copilot
The new attack technique uses a wireless charger to issue voice commands and heat up the device
Complete list of Rundll32 commands in Windows 11
Attack the network
Vulnerabilities in Android allow malware to read device information even without permission- Already have Samsung Internet 9.0 with many upgrade points, invite you to download and experience
- Facebook was attacked, more than 50 million user accounts are at risk of being leaked
- There is a new zero-day vulnerability in Windows
- If you do division by 0 on a computer, what will happen?
- China has at least 10 PoP presence points to hijack the network architecture
Vulnerabilities in Android allow malware to read device information even without permission
Already have Samsung Internet 9.0 with many upgrade points, invite you to download and experience
Facebook was attacked, more than 50 million user accounts are at risk of being leaked
There is a new zero-day vulnerability in Windows
If you do division by 0 on a computer, what will happen?
China has at least 10 PoP presence points to hijack the network architecture