AT Command Hitch Leaves Android Phones Open to Attack
Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens.
Attackers can use AT commands to launch several malicious functions on an array of Android devices, including extracting data, rewriting the smartphone firmware and bypassing Android security measures. All they need, according to researchers who developed a proof-of-concept (PoC) attack, is the device and a USB connection.
The PoC targets AT (ATtention) commands, which are traditionally used to control wired dial-up modems; these consist of a series of short text lines that can be strung together for commands like dialing or hanging up.
AT commands are in widespread use among smartphones, and while some commands have been standardized, many smartphone manufacturers have designed their own customized commands. For instance, AT commands on Sony Ericsson smartphones can access GPS accessories, researchers said.
A team of researchers from the University of Florida and Samsung Research America recently found that these vendor-specific AT command interfaces have an “alarming” amount of unconstrained functionality – marking a broad attack surface for Android devices.
“AT commands act as a universal interface between the Android OS and lower-level components, such as the baseband modem, and we found that some vendors extend the AT command set in specific, undocumented ways to add a considerable amount of additional functionality (e.g., take a picture, inject touch events, replace firmware),” Grant Hernandez, Dave Tian and Kevin Butler (all of the University of Florida, and all contributors to the findings) told Threatpost. “They appear to serve a role, likely for testing and debugging, but ensuring that access to them is controlled against untrusted and malicious adversaries is vitally important.”
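As an added illustration (not code from the researchers or from the article), the sketch below splits an AT command line into the individual commands strung together on it and applies a default-deny allowlist, one way to control access to the interface. The allowlist contents, the function names and the `%VENDORCMD` name are constructed for the example, and the grammar is a simplified subset of V.250 command syntax.

```python
import re

# Assumed policy for illustration: the only commands a USB host may send.
# D (dial) and H (hang up) are the classic modem commands; +CGMI and +CGMM
# are standard identification queries. Everything else is denied by default.
ALLOWED = {"D", "H", "+CGMI", "+CGMM"}

# One command inside an AT line, simplified from ITU-T V.250 syntax:
#   dial  - D plus a dial string that runs to ';' or end of line
#   ext   - prefix character and name, then optional ?, =? or =value
#   basic - optional '&', one letter, optional decimal number
TOKEN = re.compile(r"""
    (?P<dial>D[^;]*)
  | (?P<ext>[+$%^*\#!][A-Z][A-Z0-9_]*)(?:=\?|\?|=[^;]*)?
  | (?P<basic>&?[A-Z])\d*
""", re.VERBOSE | re.IGNORECASE)


def command_names(line):
    """Return the name of every command strung together on one AT line."""
    body = line.strip()
    if body[:2].upper() != "AT":
        raise ValueError("not an AT command line")
    names, pos = [], 2
    while pos < len(body):
        if body[pos] in "; ":          # separators between commands
            pos += 1
            continue
        m = TOKEN.match(body, pos)
        if m is None:
            raise ValueError(f"unparseable input at offset {pos}")
        name = "D" if m.group("dial") else (m.group("ext") or m.group("basic"))
        names.append(name.upper())
        pos = m.end()
    return names


def decide(line, allowed=ALLOWED):
    """Default-deny: reject the whole line if any command is not allowed."""
    try:
        names = command_names(line)
    except ValueError:
        return "deny", []              # fail closed on anything unparseable
    blocked = [n for n in names if n not in allowed]
    return ("deny" if blocked else "allow"), blocked


if __name__ == "__main__":
    # Constructed sample lines; %VENDORCMD is a made-up vendor-style name.
    for sample in ["ATD5551234;", "ATH", "AT+CGMI;%VENDORCMD=1", "ATE0H"]:
        print(sample, decide(sample))
```

Because the gate rejects the whole line when any one command is unknown, a vendor extension appended to an otherwise standard line does not slip through.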
Source | threatpost