The capability to take control of a mobile device and install malware can be done by simply plugging it into a fake charging station.
Speaking at the Black Hat Europe conference, Andre Pereira said that while the trend for use of smartphones has increased, it also exposes our information. He highlighted the Android operating system and said that its customisation capability one was one of its benefits, and as vendors add their own software it adds another layer of software that can add to the breach capability and extend the attack surface.
This, he said, was down to the AT commands, which the modern smartphone has to communicate with the baseband and application processors. “Everything you do on it goes through the Radio Interface layer and application dials and RIL intercepts it and translates to AT commands and responds to the application,” he said.
He pointed at a vulnerability in the AT commands where an attacker can plug in phone into a computer or power source which returns a lot of information on the software, version, and mounts the external storage.
In a scenario, Pereira said that a fake charging station will flash a compromised boot rather than charge the device. For a test, they focused on the Windows 7 and Guest Xubuntu operating systems.
He said: “With an AT-FUS command, at pre-attack we have to collect normal boot partition, add malicious code by changing the boot partition. If we install an uninstallable surveillance application then the user cannot remove it, even with root access, and even upon boot it will reinstall and make surveillance as it is a launch application as will not appear among the applications.
“We tested this with anti-virus and found only AVG detected that a RAT was installed, and it shows that applications are very limited and have permissions that standard applications have.”
He concluded by saying that the USB connection should be seen as a threat and not overlooked, and the user should be held responsible when charging at unknown connections, and support for AT commands should be added.
He confirmed that all Samsung devices are vulnerable to this and the company had been made aware of the flaw.