The researchers, who presented their findings at the Usenix security conference in Baltimore this month, say that manufacturers usually set devices up to receive AT inputs for the field testing and debugging processes. The group found, though, that numerous mainstream smartphones leave the commands still accessible to anyone through a device's USB port even after they're in consumer hands.

    As a result, an attacker could set up a malicious charging station, or distribute tainted charging cables, to initiate attacks that can take control of phones, exfiltrate data, and even bypass lock screen protections.

posted by galen: 418 days ago