Well, this is comforting. Researchers funded by the Dept. of Homeland Security have found security vulnerabilities built into smartphones at the device level, vulnerabilities that reportedly exist across devices offered by the four leading U.S. cell phone carriers.
What’s more, those holes are such that hackers could use them to obtain access to a user’s emails, text messages and more, all without the owner’s knowledge.
A source familiar with the research told the news outlet Fifth Domain that millions of U.S. smartphone users are potentially affected. Homeland Security official Vincent Sritapan told Fifth Domain during this week’s Black Hat conference in Las Vegas that the security flaws are such that someone could use them to “escalate privileges and take over the device.”
The vulnerabilities apparently live deep in the operating system of affected phones from carriers including Verizon, AT&T, T-Mobile and Sprint, though other, unnamed carriers are affected as well. Kryptowire, a mobile security firm funded through a Homeland Security research center, led the research uncovering the vulnerabilities.
It was the discovery of a security flaw last year in Blu phones, which Amazon temporarily stopped selling, that kicked off this new research. It’s not yet clear how many smartphone users in the U.S. are affected, but Fifth Domain speculates that the potentially large pool may include government officials as well.
“This is something that can target individuals without their knowledge,” Kryptowire founder Angelos Stavrou told Fifth Domain. The outlet continues: “Stavrou said that manufacturers were notified of the flaws as early as February. However, some manufacturers did not publish their vulnerability disclosure process, and the researchers were initially not sure if the device makers had received the disclosure because Kryptowire did not receive a reply, Stavrou said. He said all manufacturers are now aware of the vulnerabilities.”
In related news, Reuters is also reporting this morning the existence of a chip with a security flaw inside Samsung’s Galaxy S7 phones that puts millions of devices at risk from hackers who can spy on the device owners.
“Researchers from Austria’s Graz Technical University told Reuters,” the outlet reported, “they have figured out a way to exploit the Meltdown vulnerability to attack Galaxy S7 handsets.”
Researcher Michael Schwarz told Reuters the team is looking into the impact of Meltdown on other smartphone makes and models and expects to find more affected devices soon. About the S7 news specifically, the team is expected to release findings today at the Black Hat conference.