Welcome to WebmasterWorld Guest from 3.80.32.33

Forum Moderators: bakedjake

Android Found Vulnerable to 1980s Tech

Using Attention (AT) commands

     
4:59 pm on Sep 1, 2018 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4124
votes: 261


Wired reports [wired.com] that old telephony and modem commands can target Android devices:
A team of researchers from University of Florida, Stony Brook University, and Samsung Research America has discovered that Attention (AT) commands, which date back to the 1980s, can be used to compromise Android devices. These modem and phone line controls originally told phones to dial, or hang up a call and so on. Over time, the use of AT commands expanded into modern protocols like SMS texting, 3G, and LTE, and even came to include custom commands for things like launching a camera or controlling a touchscreen on a smartphone.


Things we thought were old are being re-purposed. Not the kind of recycling you'd call beneficial.

5:55 pm on Sept 1, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


Interesting.

Still, not much of a threat if the attacker can only access its hack through the USB or similar charging port.

If someone has that level of access, that means they have my phone. They just need to outrun me.
2:07 pm on Sept 2, 2018 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4124
votes: 261


It isn't only USB, as the article goes on to say, it also affects Bluetooth:
In addition to the researchers' sprawling findings about AT commands through USB interfaces, they also note that Bluetooth and other connectivity standards support AT commands. This means that there's a whole potential ecosystem of exposure from the commands beyond exploiting them through USB ports.


LG and Samsung have issued patches via updates.
7:32 am on Sept 3, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


Well... I removed Bluetooth across my devices with the last vulnerability. Removed it from my TV as well.

That one sounded pretty scary :)