Watch Those Chargers AT Public Spaces … A Major Android Flaw

A decade ago I wrote books on AT commands and I used to work with them extensively when I integrated with RS-232 connections and modems, but their day seemed to be past. Unfortunately, they are still around and are typically still used by venders to test their equipment.

The days of the modem have since past, but vendors have continued to use the commands, and have even expanded the number of AT commands used, in order to build in their own functionality.

So when your smart phone leaves the factory, it is given a test with scripts which call up these AT commands, and then test the phone. It is thus a lot easier to do this with these scripts than to actually get humans to do the actual testing. If something isn’t working, a tester will also use AT commands to probe the inner workings of the device.

But now researchers from the University of Florida, Stony Brook University, and Samsung Research America have discovered a number of AT (Attention)-based attacks on Android devices from 11 mobile phone venders (presented at Usenix Security Symposium):