Hackers can seize control of your phone using software preinstalled by your carrier

Smartphone Hack

With fears over hacking and NSA spying still mounting, the last thing we needed was yet another report of a serious vulnerability that leaves millions of people at risk — but that’s exactly what we got recently when news broke of a huge security vulnerability that impacts millions upon millions of Android phones, BlackBerry handsets and even some iPhones.

Security researchers Mathew Solnik and Marc Blanchou with Accuvant Labs recently told Wired about a massive security hole that they’re about to expose.

During the upcoming Black Hat security conference in Las Vegas, Nevada next week, the researchers will shed light on a serious threat present in third-party device management software that numerous carriers install on Android phones and BlackBerry handsets. The software is also apparently present on Sprint’s version of the iPhone.

Solnik and Blanchou said that they haven’t yet tested Windows Phone devices to determine whether or not they are vulnerable as well.

According to the report, carriers use the device management tool in question to send software updates over the air (OTA), and also to update various device settings. Using the vulnerability discovered by the researchers, malicious hackers would be able to seize control of a device and potentially steal private data.

“To give carriers the ability to do these things, the management tool operates at the highest level of privilege on devices, which means an attacker who accesses and exploits the tool has the same abilities as the carriers,” Wired noted.

More details about how the exploit works will be revealed next week.

Source:
Wired
blog comments powered by Disqus