Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Phones from 11 manufacturers may be attacked by hidden AT commands
Researchers have found that millions of mobile devices come from 11 smartphone manufacturers that can be attacked by AT commands.
The AT (ATention) or Hayes script, which consists of short string commands, has been developed since the early 1980s for transmission over telephone lines and modem control.Different AT commands can be combined to tell the modem to call, hold or change connection parameters.
A team of researchers from the University of Florida, Stony Brook and Samsung Research America have found out which AT command is currently supported on Android devices.Analysis of more than 2,000 Android firmware from 11 OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony and ZTE, they found that these devices support more than 3,500 AT command types, some of them have potential risks.
These AT commands are likely to be attacked via USB interface, when an attacker takes over the device or hides malicious code inside the dock or charging station.When connected, an attacker can use the secret AT command to rewrite the device's firmware, bypass Android's security mechanism, get important information .
In the best case, AT commands will only work when USB Debugging is turned on, but on many devices, the attacker can directly access the AT command even though the device is locked.Sometimes OEMs do not mention these commands.
Below is a video describing the actual attack on LG G4
As the video above, the most dangerous is when an attacker can mimic the touch screen, take full control of the device, install a malicious application to continue monitoring.
Phone manufacturers have been notified of the AT attack capability via the phone's USB interface.They also posted a website of phone models and a firmware version that could be hacked.
After checking the AT commands on the Android device via USB interface, researchers will also work on Apple devices, but only if the AT command can be used via remote access connections such as WiFi. or Bluetooth.
Site list of devices and firmware https://atcommands.org/atdb/vendors
See more:
- Fortnite for Android has a security vulnerability
- Android collects user data even when the device is not 50 times more than iOS
- 5 types of malware on Android
Jessica TannerYou should read it
- Detect new malicious code to attack Android device
- Tips for Controlling Android Devices from Another Android Device
- Good tips for Android devices
- Vulnerabilities in Android allow malware to read device information even without permission
- Android apps used by the US military in combat have security holes
- Google patched 17 security holes in May's Android update
- Settings that help improve the security of your Android device
- Android SDK - Download Latest Android SDK
May be interested
- Vulnerabilities in Android allow malware to read device information even without permission
a vulnerability in android allows poisoned applications to pass the request to allow the right to read device information, thereby 'peeking out' more information than allowed, including the ability to help it track equipment location. - Already have Samsung Internet 9.0 with many upgrade points, invite you to download and experiencesamsung internet is one of the browsers that brings quality and good experience to users. recently, samsung internet 9.0, the version for galaxy s9 + built on android 9 pie has appeared.
- Facebook was attacked, more than 50 million user accounts are at risk of being leakedmore than 50 million facebook user accounts are affected by a recent cyber attack. this is a new announcement released by the world's largest social network.
- There is a new zero-day vulnerability in Windowsthe vulnerability posted on twitter and on github also has a poc that demonstrates one of the ways this error exploits the machine, making it impossible to boot.
- If you do division by 0 on a computer, what will happen?the video in the lesson will show you how crazy the computer is when doing calculations divided by 0.
- China has at least 10 PoP presence points to hijack the network architecturechina is using bgp hijack and creating new paths for network traffic in western countries through one of their largest telecommunications companies.
Summary of the common Run CMD commands
OnePlus is cherishing a phone with a unique hidden camera
How to access VMware ESXi hidden interface
8 super hidden features on the phone or you may not know
9 great hidden features on Android you may never know