Smartphones from 11 OEMs are found vulnerable to attacks via hidden AT commands.

In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands are currently supported on modern Android devices.

The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE.

They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions.

These AT commands are all exposed via the phone’s USB interface, meaning an attacker would have to either gain access to a user’s device, or hide a malicious component inside USB docks, chargers, or charging stations.

Once an attacker is connected via the USB to a target’s phone, he can use one of the phone’s secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.

In the happiest cases, these AT commands are only available only when the phone’s USB debugging function has been enabled, but researchers said they found many devices where attackers had direct access to AT commands, even if the phone had entered a locked state.

“In many cases, these commands are completely undocumented,” said Kevin Butler, an associate professor in the University of Florida Herbert Wertheim College of Engineering and a member of the research team, revealing that an OEM’s documentation doesn’t even mention their presence.

Originally published on Bleeping Computer: https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/