AT Command Injection on the LG G4 Smartphone

preview_player
Показать описание
We leverage an unauthenticated AT command interface present in the LG G4 and other LG devices to bypass the lockscreen, control the touchscreen, and leak sensitive data.

Based off on the work from our paper "ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem". Appeared at USENIX Security 2018.

Narrated by Grant Hernandez
  1. Grant Hernandez
  2. at command
  3. lg g4
  4. usenix security
  5. android
  6. vulnerability
Рекомендации по теме
What is command 0:07:46

What is command injection? - Web Security Academy

OS Command Injections 0:02:57

OS Command Injections | Owasp Top 10 Explainer Video | Secure Code Warrior

Intro to Command 0:02:45

Intro to Command Injection | Security Simplified

Command Injection Attack 0:06:03

Command Injection Attack | Demo

Getting Started with 0:13:05

Getting Started with Command Injection

What is Command 0:02:07

What is Command Injection? | Examples & Prevention Tips

OS Command Injection 0:00:53

OS Command Injection

Command Injection Explained 0:06:26

Command Injection Explained

How to Prevent 0:03:57

How to Prevent Command Injections

3 Ways to 0:00:36

3 Ways to Find and Exploit Command Injection

Command Injection - 0:10:39

Command Injection - Full tutorial | How to inject custom commands in web applications.

Testing for OS 0:02:25

Testing for OS command injection vulnerabilities with Burp Suite

Mastering Command Injection 0:08:28

Mastering Command Injection Vulnerabilities - The Ultimate Hands-On Course on Udemy!

How do i 0:04:21

How do i test for blind command injection? 🤔

6 What is 0:00:44

6 What is Command Injection Attack

Command Injection | 0:04:23

Command Injection | Real World Example

Command Injection: How 0:05:47

Command Injection: How the Shell Makes You Vulnerable

Command Injection Practical 0:05:59

Command Injection Practical Scenario | TryHackMe Epoch

Operating System Command 0:11:07

Operating System Command Injection Tutorial

AT Command Injection 0:05:34

AT Command Injection on the LG G4 Smartphone

Understanding command injection 0:06:04

Understanding command injection with filter bypass - Natas10 - Overthewire.org - Walkthrough

Command Injection Vulnerabilities 0:02:17

Command Injection Vulnerabilities - Roman Explains

Understanding command injection 0:06:40

Understanding command injection - Natas09 - Overthewire.org - Walkthrough

Discover the Hidden 0:00:43

Discover the Hidden Vulnerability in Command Injection!

Комментарии
Автор

Awesome work. Never thought those AT commands I spent so much time playing with in the 80s and 90s would even be a thing any more.

ebrandel
Автор

thank you for this information. great work

antoniopaludo
Автор

Does this Smartphone (or another one) have ATD command for dial? I would like to call a remote GSM modem (using 1 slot, i.e. 9600bps, which the GSM network see as usual voice call (I suppose).

mm
Автор

Is this command can work even if the mobile has password 🤔

abdelhameedabdelazeem
Автор

can you kindly tell me the two set of commands you used to bypass the usb connection prompt

bridgetpatience
Автор

Is there anyway to know that AT command you used to Authorize ADB? I have LG K520 as my test device, and switching USB mode to adb works great, but device does not show authorization popup. I was just wondering if it is possible to authorize without popup too.

shadabmozaffar
Автор

3m21s - did you intend to show that At command, or did you intend to start pixalating a few seconds before?

eggz
Автор

Is this attack effective against Android 7/8/9?

PeterMcIntyre
welcome to shbcf.ru