ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem

Authors: 

Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, and Patrick Traynor, University of Florida; Hayawardh Vijayakumar and Lee Harrison, Samsung Research America; Amir Rahmati, Samsung Research America and Stony Brook University; Michael Grace, Samsung Research America; Kevin R. B. Butler, University of Florida

Abstract: 

AT commands, originally designed in the early 80s for controlling modems, are still in use in most modern smartphones to support telephony functions. The role of AT commands in these devices has vastly expanded through vendor-specific customizations, yet the extent of their functionality is unclear and poorly documented. In this paper, we systematically retrieve and extract 3,500 AT commands from over 2,000 Android smartphone firmware images across 11 vendors. We methodically test our corpus of AT commands against eight Android devices from four different vendors through their USB interface and characterize the powerful functionality exposed, including the ability to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, and inject touch events solely through the use of AT commands. We demonstrate that the AT command interface contains an alarming amount of unconstrained functionality and represents a broad attack surface on Android devices.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {217624,
author = {Dave (Jing) Tian and Grant Hernandez and Joseph I. Choi and Vanessa Frost and Christie Raules and Patrick Traynor and Hayawardh Vijayakumar and Lee Harrison and Amir Rahmati and Michael Grace and Kevin R. B. Butler},
title = {{ATtention} Spanned: Comprehensive Vulnerability Analysis of {AT} Commands Within the Android Ecosystem},
booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
year = {2018},
isbn = {978-1-939133-04-5},
address = {Baltimore, MD},
pages = {273--290},
url = {https://www.usenix.org/conference/usenixsecurity18/presentation/tian},
publisher = {USENIX Association},
month = aug
}

Presentation Video 

Presentation Audio