Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens. Attackers can use AT commands to launch several malicious functions on an array of Android devices, including extracting data, rewriting the smartphone firmware and bypassing Android security measures. All they need, according to researchers who developed a proof-of-concept (PoC) attack, is the device and a USB connection.
ORIGINAL SOURCE: Threatpost