Modern smartphones from over a dozen manufacturers can be hacked using the commands for the old modems. This is evidenced by research conducted by the team from the University of Florida, in conjunction with the state University of new York at stony brook and Samsung Research America.
AT commands, also known as the Hayes command set, are a set of commands submitted by the company Hayes in 1977 for its Smartmodem 300 baud modem.
Researchers have tested more than 2 million images from 11 Android smartphone manufacturers. Tested files ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony and ZTE. They were all “support” AT-commands. For our tests we created a database of 3.5 million unique commands.
Connecting to the smartphone via USB, an attacker using such teams can access important functions of the smartphone. And to access via USB, if the user, for example, put the smartphone on charge in the dock at the airport.
In this way, the researchers hacked into eight smartphones including Google Nexus 5, LG G4 and Samsung Galaxy S8+. They were able to launch the hidden menu and even reset the device to factory settings. Manufacturers have already notified about the found vulnerabilities.