- Joined
- Oct 6, 2011
- Messages
- 5,781
- Reaction score
- 2,134
Your Samsung devices may be vulnerable to a very specific AT command attack even while your screen is locked. Before you run away from your computer in terror remember most of these bugs that are reported are found in lab settings by people actively seeking them out. For the most part this particular bug won't really affect your day to day life, as it takes someone with some serious know how to hack your phone.
What can a hacker gain with this hack? Essentially they can send text messages and phone calls from your phone without you unlocking the lock screen. Now if you hang out with guys like Ethan Hunt or James Bond you may find yourself in some serious trouble!
How does the hack work? Devices connected via USB to a computer expose a serial interface that interacts with the USB modem. Older devices expose this info automatically while newer devices have to be forced to expose the info.
.This communication channel is active even when both USB tethering and USB debugging (i.e., ADB) are disabled,” they write, “and can be accessed even when the device is locked. An attacker who gains physical access to a (possibly locked) device can thus use this interface to send arbitrary AT commands to the modem. This permits to perform several actions that should be forbidden by the lock mechanism, including placing phone calls or sending SMS messages
The SecurityAffairs article goes on to explain that the security experts used a pretty rough C tool usbswitcher to get the job done. Newer devices need a more elaborate setup. Devices that are vulnerable include Galaxy S6, Galaxy Note 3, Galaxy S4 mini, Galaxy S4 mini LTE, and Galaxy S4. Other Galaxy devices are likely vulnerable, but were not tested by the security experts.
via SecurityAffairs