• About Us
Sunday, 23 August, 2020
IT Security Guru
Advertisement
  • Latest News
  • About Us
  • Topics
    • Cloud Security
    • Regulation
    • Contactless News
    • Breaking Cyber News
    • Data Protection
    • DDoS
    • Featured
    • Guru Picks
    • Hacking News
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • News
      • Editor’s News
      • Top 10 Stories
      • This Week’s Gurus
      • Opinions & Analysis
    • Security News
    • Threat Detection
  • Insight
  • Media
    • Podcasts
    • Webinars
  • Product Reviews
No Result
View All Result
  • Latest News
  • About Us
  • Topics
    • Cloud Security
    • Regulation
    • Contactless News
    • Breaking Cyber News
    • Data Protection
    • DDoS
    • Featured
    • Guru Picks
    • Hacking News
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • News
      • Editor’s News
      • Top 10 Stories
      • This Week’s Gurus
      • Opinions & Analysis
    • Security News
    • Threat Detection
  • Insight
  • Media
    • Podcasts
    • Webinars
  • Product Reviews
No Result
View All Result
IT Security Guru
No Result
View All Result

Black Hat Europe – AT command flaw allows control of Android devices

by The Gurus
October 16, 2014
in Editor's News

The capability to take control of a mobile device and install malware can be done by simply plugging it into a fake charging station.
Speaking at the Black Hat Europe conference, Andre Pereira said that while the trend for use of smartphones has increased, it also exposes our information. He highlighted the Android operating system and said that its customisation capability one was one of its benefits, and as vendors add their own software it adds another layer of software that can add to the breach capability and extend the attack surface.
This, he said, was down to the AT commands, which the modern smartphone has to communicate with the baseband and application processors. “Everything you do on it goes through the Radio Interface layer and application dials and RIL intercepts it and translates to AT commands and responds to the application,” he said.
He pointed at a vulnerability in the AT commands where an attacker can plug in phone into a computer or power source which returns a lot of information on the software, version, and mounts the external storage.
In a scenario, Pereira said that a fake charging station will flash a compromised boot rather than charge the device. For a test, they focused on the Windows 7 and Guest Xubuntu operating systems.
He said: “With an AT-FUS command, at pre-attack we have to collect normal boot partition, add malicious code by changing the boot partition. If we install an uninstallable surveillance application then the user cannot remove it, even with root access, and even upon boot it will reinstall and make surveillance as it is a launch application as will not appear among the applications.
“We tested this with anti-virus and found only AVG detected that a RAT was installed, and it shows that applications are very limited and have permissions that standard applications have.”
He concluded by saying that the USB connection should be seen as a threat and not overlooked, and the user should be held responsible when charging at unknown connections, and support for AT commands should be added.
He confirmed that all Samsung devices are vulnerable to this and the company had been made aware of the flaw.

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: AndroidBlack Hat EuropeDevicesMalware
Previous Post

The lowdown on POODLE

Next Post

FBI warns on new Chinese hacker group Axiom

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Hospitals impacted after hackers target ventilator manufacture during Covid-19

Ransomware hit University of Utah pays up

August 21, 2020
Cybersecurity has become the fastest growing start-up sector in UK

Cybersecurity has become the fastest growing start-up sector in UK

August 21, 2020
Breach

Instacart customer data reportedly safe despite security incident caused by Third-party contractors

August 21, 2020
Submit your nominations now for the Most inspiring Women in Cyber 2020

Submit your nominations now for the Most inspiring Women in Cyber 2020

August 20, 2020
IT Security Guru

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Latest News
  • About Us
  • Topics
    • Cloud Security
    • Regulation
    • Contactless News
    • Breaking Cyber News
    • Data Protection
    • DDoS
    • Featured
    • Guru Picks
    • Hacking News
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • News
      • Editor’s News
      • Top 10 Stories
      • This Week’s Gurus
      • Opinions & Analysis
    • Security News
    • Threat Detection
  • Insight
  • Media
    • Podcasts
    • Webinars
  • Product Reviews

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply

This site uses functional cookies and external scripts to improve your experience.

More information
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept