SoylentNews is people

posted by mrpg on Monday August 27 2018, @07:39PM
from the +++ dept.

Submitted via IRC for BoyceMagooglyMonkey

[...] Unknown to the common user is that modern smartphones include a basic modem component inside them, which allows the smartphone to connect to the Internet via its telephony function, and more.

While international telecommunications bodies have standardized basic AT commands, dictating a list that all smartphones must support, vendors have also added custom AT command sets to their own devices — commands which can control some pretty dangerous phone features such as the touchscreen interface, the device's camera, and more.

[...] Once an attacker is connected via the USB to a target's phone, he can use one of the phone's secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.

Source: https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/


  • (Score: 2) by looorg on Monday August 27 2018, @07:45PM (4 children)

    by looorg (578) on Monday August 27 2018, @07:45PM (#727101)

    So we can now wait for the avalanche of malware apps that will start to dial some really expensive toll-/pay-numbers when it notes that the phone is idle and you are most likely asleep. Only much, much later will you figure out the massive cost, when you get your phone bill. Should be more money in that than in, say, having someone mine crypto on your phone.

    • (Score: 1) by nitehawk214 on Monday August 27 2018, @07:50PM (1 child)

      by nitehawk214 (1304) on Monday August 27 2018, @07:50PM (#727103)

      I was going to post a comment with the title "ATDT8675309"

      I did not know that AT commands were still a thing.

      --
      "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
      • (Score: 2) by EETech1 on Tuesday August 28 2018, @03:12AM

        by EETech1 (957) on Tuesday August 28 2018, @03:12AM (#727218)

        Jenny has probably long since changed her number anyway:(

    • (Score: 1, Touché) by Anonymous Coward on Monday August 27 2018, @08:28PM

      by Anonymous Coward on Monday August 27 2018, @08:28PM (#727119)

      You could always do both

    • (Score: 3, Interesting) by Anonymous Coward on Monday August 27 2018, @10:38PM

      by Anonymous Coward on Monday August 27 2018, @10:38PM (#727162)

      Apps aren't the attack vector for this issue, it's the USB port. So if you're charging your phone through your laptop/PC then it could be compromised via malware on the computer. Further the phone likely requires additional drivers to enable the modem. For example, my Samsung phones require installing a driver package from their website (not available via Windows Update). So the phone will charge and do MTP out of the box but the modem won't be accessible; at least not on Windows. Not sure if the same is true on Linux and Mac.

      The bigger risk will be using public charging stations (avoid trains and airports). If you must use them then get yourself a USB cable that lacks the data lines so nothing can talk to your device.

      Also, malicious apps that fraudulently dial/text have been a thing for a very long time...
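Added example (not part of the comment thread or the linked article): on the Linux question raised above, one way to check whether a plugged-in phone announces a modem interface is to look in sysfs for USB interfaces that declare the CDC ACM class. The sysfs attribute names are standard Linux; the device IDs and the sample tree are constructed, and a modem hidden behind a vendor-specific interface class would not be listed by this check.

```python
import tempfile
from pathlib import Path

# USB-IF class codes: 0x02 = Communications (CDC), subclass 0x02 = Abstract
# Control Model, protocol 0x01 = AT commands (ITU-T V.250).
CDC_CLASS, ACM_SUBCLASS, AT_PROTOCOL = "02", "02", "01"

def _attr(path):
    """Read one sysfs attribute; missing or unreadable files give ''."""
    try:
        return path.read_text().strip().lower()
    except OSError:
        return ""

def find_modem_interfaces(root="/sys/bus/usb/devices"):
    """Return one dict per USB interface that declares itself CDC ACM."""
    hits = []
    for iface in sorted(Path(root).glob("*:*")):  # interfaces look like 1-2:1.1
        klass = (_attr(iface / "bInterfaceClass"), _attr(iface / "bInterfaceSubClass"))
        if klass != (CDC_CLASS, ACM_SUBCLASS):
            continue
        dev = Path(root) / iface.name.split(":")[0]  # parent device, e.g. 1-2
        hits.append({
            "interface": iface.name,
            "device": f"{_attr(dev / 'idVendor')}:{_attr(dev / 'idProduct')}",
            "at_protocol": _attr(iface / "bInterfaceProtocol") == AT_PROTOCOL,
            # Present once a serial driver has bound and created a tty node.
            "ttys": sorted(p.name for p in (iface / "tty").glob("tty*")),
        })
    return hits

def build_sample_tree(root):
    """Constructed sysfs-like tree: a phone with still-image, ACM and data interfaces."""
    layout = {
        "1-2": {"idVendor": "1234", "idProduct": "abcd"},  # made-up IDs
        "1-2:1.0": {"bInterfaceClass": "06", "bInterfaceSubClass": "01", "bInterfaceProtocol": "01"},
        "1-2:1.1": {"bInterfaceClass": "02", "bInterfaceSubClass": "02", "bInterfaceProtocol": "01"},
        "1-2:1.2": {"bInterfaceClass": "0a", "bInterfaceSubClass": "00", "bInterfaceProtocol": "00"},
    }
    for name, attrs in layout.items():
        d = Path(root) / name
        d.mkdir(parents=True)
        for key, value in attrs.items():
            (d / key).write_text(value + "\n")
    (Path(root) / "1-2:1.1" / "tty" / "ttyACM0").mkdir(parents=True)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_modem_interfaces(tmp):
            print(hit)
```

Called with no argument, `find_modem_interfaces()` reads the live `/sys/bus/usb/devices` tree; an empty result with a charge-only cable is the expected outcome.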

  • (Score: 0) by Anonymous Coward on Monday August 27 2018, @08:52PM (3 children)

    by Anonymous Coward on Monday August 27 2018, @08:52PM (#727125)

    So very shocking. Now how many more backdoors are baked into every goddamn thing?

    • (Score: 3, Interesting) by anubi on Monday August 27 2018, @10:58PM (2 children)

      by anubi (2828) on Monday August 27 2018, @10:58PM (#727164) Journal

      It will remain this way until someone is held accountable.

      As long as we grant the right to hold everyone else ignorant of what is done, then do bad stuff, well, we set the stage for it.

      If you know the truth, the truth will set you free. And for those of us, ( or at least those who obey the wishlist of the so-called "rightsholder" ) who willfully remain ignorant, they are ripe to be bamboozled by those who wish to pull a fast one.

      Ignorance is not bliss.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 0) by Anonymous Coward on Tuesday August 28 2018, @12:45AM (1 child)

        by Anonymous Coward on Tuesday August 28 2018, @12:45AM (#727192)

        It will remain this way until people stop using proprietary software entirely, and stop accepting its existence.

        • (Score: 0) by Anonymous Coward on Tuesday August 28 2018, @12:49AM

          by Anonymous Coward on Tuesday August 28 2018, @12:49AM (#727193)

          It is not software per se. It is baked into the chip. In this case, if I am remembering correctly, there are 2 COM ports hanging off the chip. One for USB and one for debug (using USB). Sounds like someone tied it out wrong.

  • (Score: 2) by SomeGuy on Monday August 27 2018, @08:57PM (2 children)

    by SomeGuy (5632) on Monday August 27 2018, @08:57PM (#727126)

    But WHY did they add all of these bizarre features?

    AT commands were designed to change general behaviors of a modem, such as number of rings before answer, maximum baud rate, error correction, and such.

    On simple hardware they sometimes represented actual hardware "registers", but it was really all an abstraction. And the bulk of the AT commands solidified with the Hayes command standard.

    Shit to modify toy touch screen behavior or bypassing security would be insanely out of scope.

    I think now we know who hired those out of work "HTML 5" devs.

    +++ATH

    [NO CARRIER]

    • (Score: 5, Interesting) by Anonymous Coward on Monday August 27 2018, @11:59PM

      by Anonymous Coward on Monday August 27 2018, @11:59PM (#727181)

      The things *are* modems at this point.

      If these manufacturers have exposed one of the wrong built-in COM ports then yeah, the chip is pretty wide open.

      There are *THOUSANDS* of AT commands you can use on the thing.

      There is a 'base' command set baked into the standards. Then each manufacturer adds their own set on top of that. Back when I used to work on these sorts of things, the specification printed out was about 3 inches thick of double-sided, single-spaced paper. Someone at my office printed it out as a joke. You do not use them that way. It was quite the impressive tome.

      There are several levels of commands too. Depending on the chip you usually get 4-8 COM ports. Then kernel drivers guard it and issue the commands for you. There are no passwords or anything like that. It is usually just a physical blockage to the really interesting debug ports; they do not tie out the lines. Or the chip manufacturer will leave the pins out but the pads are still there.

      To set up a call it literally does an ATDT. Plus I know you were being snarky but it does +++ATH when it hangs up (still called that in the docs). Cannot remember off the top of my head how it sets up the PPP connection. Usually the standard and manufacturer codes are something like AT~xYZ. That will either take a set of values or a bin string, then will report back some standard printout or some binary structure.

      It works. They never really changed it but they sure as hell extended the living hell out of it.

      The carriers usually tested for it during their certification. That there are 11 phones out there that let you at this stuff shows that they failed.

      The 'bizarre' features are things like how do you set up an AM/FM radio, built-in IP stack, SMS, etc... Don't get me started on the unholy mess that SMS is and secret commands.

    • (Score: 0) by Anonymous Coward on Tuesday August 28 2018, @09:33AM

      by Anonymous Coward on Tuesday August 28 2018, @09:33AM (#727263)

      > out of work

      https://github.com/whatwg/html/issues [github.com]

      Doesn't seem like they are out of work just yet.

  • (Score: 0) by Anonymous Coward on Monday August 27 2018, @09:30PM

    by Anonymous Coward on Monday August 27 2018, @09:30PM (#727136)

    Ah, those were the days.

  • (Score: 1, Informative) by Anonymous Coward on Monday August 27 2018, @10:21PM (1 child)

    by Anonymous Coward on Monday August 27 2018, @10:21PM (#727158)

    If you're using untrusted public charging locations then you should be using a charge-only USB cable. These are cables without the data lines connected. You can pick them up cheap or roll your own if you're handy.

    First hit I got with Google, under $5:
    https://www.amazon.com/Kenable-Power-Charging-Cable-Extension/dp/B005HRSI3C [amazon.com]

    • (Score: 0) by Anonymous Coward on Monday August 27 2018, @11:54PM

      by Anonymous Coward on Monday August 27 2018, @11:54PM (#727177)

      Sure go ahead but maybe don't feel too smug.

      Researchers only tested access to the AT command set on Android devices via the USB interface. They also plan on testing Apple devices, but also if AT commands are available via remote access vectors such as a phone's WiFi or Bluetooth connections.

      Bluetooth is already known to be a real hazard ("BlueBorne") and WPA2 is likely insecure as well ("KRACK" et al.). It certainly appears Big Brother needs to keep tabs on you and me at all times.

  • (Score: 1, Funny) by Anonymous Coward on Monday August 27 2018, @11:55PM (1 child)

    by Anonymous Coward on Monday August 27 2018, @11:55PM (#727178)

    This is nothing to worry about ... unless you have an Android phone from a major vendor. So, really, it doesn't affect many people, right?

    • (Score: 2) by DannyB on Tuesday August 28 2018, @01:55PM

      by DannyB (5839) on Tuesday August 28 2018, @01:55PM (#727337) Journal

      It's nothing to worry about because it is completely secure. After all, the AT commands are SECRET.

      If I printed them on a T-shirt, I could still keep them secret by wearing the T-shirt inside out.

      --
      If you eat an entire cake without cutting it, you technically only had one piece.
  • (Score: 2) by fraxinus-tree on Tuesday August 28 2018, @07:11AM (1 child)

    by fraxinus-tree (5590) on Tuesday August 28 2018, @07:11AM (#727250)

    Mine doesn't. The last one to do that had Symbian OS. In order to get to the modem interface on a modern Android, you have to run inside the phone and also be root. Hardly a hacking vector.

    The bad part is that the modem itself probably has a backdoor from the cell network side. Most of them do have one - and it is generally undetectable from the phone OS.

    • (Score: 0) by Anonymous Coward on Tuesday August 28 2018, @08:01AM

      by Anonymous Coward on Tuesday August 28 2018, @08:01AM (#727256)

      Um ... you should probably RTFA and watch the videos. These are all new phones running last year's version of Android, and these AT commands did not require any changes to the stock phone. They got root access via the USB port simply by connecting to it.
