Security researchers discovered vulnerabilities in AT commands, used to communicate with baseband software on Android smartphones.
Hackers can use these vulnerabilities to obtain IMEI and IMSI numbers, which allow them to track their calls users, to divert calls to other numbers, to block the call function, to block access to Internet and many more.
Below you can see the 10 devices that may be affected:
- Samsung Galaxy S8 +
- Samsung Galaxy S3
- Samsung Note 2
- Huawei P8 Lite
- Huawei Nexus 6P
- Google Pixel 2
- LG G3
- LG Nexus 5
- Motorola Nexus 6
- HTC Desire Lifestyle 10
How do hackers manage to track device owners?
All smartphones come with a baseband processor that performs radio frequency functionality for cellular connectivity and a general-purpose application processor (AP).
The AP processor can send AT commands to interact with the baseband processor to perform various cellular network operations.
Security researcher Syed Rafiul Hussain and Imtiaz Karim's associates Omar Chowdhury will announce their findings next month at a security conference.
While Samsung has decided to develop a security update for the affected devices, Huawei has not yet announced any action.