Modem device can receive AT-commands on the USB-cable, even in the locked state.
Security researchers Paleari Roberto (Roberto Paleari) and Aristide Fattori (Aristide Fattori) have discovered a vulnerability in Samsung Galaxy smartphones. According to experts, these devices are capable modems receive AT-team USB-cable, even in the locked state.
When the smartphone is connected to a laptop, serial interface communicates with the USB-modem automatically becomes (or can be) open to attacks. According to the researchers, when disconnected the modem and ADB (tool for debugging, error detection in applications and unlock Android-devices) communication channel is still active, and access to it can be obtained even on a locked device.
“An attacker with physical access to the device can use this interface to send the modem arbitrary commands. This enables actions unauthorized locking mechanism, including making phone calls and sending SMS-messages “, – reported the researchers.
Older models of smartphones open the default serial interface, for example, on laptops running Linux, it appears in the / dev directory as a TTY device. On newer devices, an attacker would first have to change the USB configuration “2″, but it can be done even on a locked smartphone.
Paleari Fattori and developed in C language tools for the USB switching on any device connected to a laptop Samsung Galaxy in the “2″ configuration. As explained to the researchers, their switch uses libusb library, but also to attack, you can use the pseudo-file system / sys / bus / usb. First you need to help usb_reset () to reset the USB settings, and then switch the configuration using usb_set_configuration (). According Paleari and Fattori, the method may not work the first time, therefore, for a successful attack must be repeated.
All Android On newer devices, the most dangerous vulnerability allows access to user space has been fixed, but the attackers are still able to make phone calls and send SMS-messages. On older smartphones (eg Samsung Galaxy S4 mini) with commands attackers can gain access to some functions of Android. For example, the command AT + USBDEBUG activates a utility for debugging and error detection in applications, and AT + WIFIVALUE the device includes Wi-Fi.
AT-command – command set for the modem. It consists of a series of short text strings, merging together to form the complete command operations such as dialing, the beginning of the connection or change the connection settings.
No comments:
Post a Comment