Over one million Android devices are vulnerable to AT command set attacks