A group of engineers, including experts from the University of Florida, the University of New York at Stony Brook and Samsung Research America, discovered a vulnerability that dates back to the 1970s and 1980s. It turned out that smartphones 11 vendors can be hacked using the so-called AT commands used for modems.
The study tested about 2000 Android-images used by 11 companies to install on smartphones: ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony and ZTE. A complete list of models and versions of the software is published on a specialized website. All tested images supported more than 3500 AT commands.
Using commands, attackers can access a number of important functions of mobile devices, many “loopholes” are not documented by manufacturers. For this, hackers, however, need physical access to the device to connect to it via the USB interface. A third-party component installed in the docking station or charger can also be used, which greatly simplifies hacking.
By sending an AT command, attackers can inject their own code into the system software, bypass Android protection, retrieve the information stored there, or simulate interaction with the user’s smartphone.
Smartphone manufacturers are notified of the vulnerability. In the plans of researchers to test a similar method on Apple mobile phones. In addition, they will try to send commands over Wi-Fi and Bluetooth.