Click to Skip Ad
Closing in...

Hackers can seize control of your phone using software preinstalled by your carrier

Published Aug 1st, 2014 9:20AM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

With fears over hacking and NSA spying still mounting, the last thing we needed was yet another report of a serious vulnerability that leaves millions of people at risk — but that’s exactly what we got recently when news broke of a huge security vulnerability that impacts millions upon millions of Android phones, BlackBerry handsets and even some iPhones.

Security researchers Mathew Solnik and Marc Blanchou with Accuvant Labs recently told Wired about a massive security hole that they’re about to expose.

During the upcoming Black Hat security conference in Las Vegas, Nevada next week, the researchers will shed light on a serious threat present in third-party device management software that numerous carriers install on Android phones and BlackBerry handsets. The software is also apparently present on Sprint’s version of the iPhone.

Solnik and Blanchou said that they haven’t yet tested Windows Phone devices to determine whether or not they are vulnerable as well.

According to the report, carriers use the device management tool in question to send software updates over the air (OTA), and also to update various device settings. Using the vulnerability discovered by the researchers, malicious hackers would be able to seize control of a device and potentially steal private data.

“To give carriers the ability to do these things, the management tool operates at the highest level of privilege on devices, which means an attacker who accesses and exploits the tool has the same abilities as the carriers,” Wired noted.

More details about how the exploit works will be revealed next week.

Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 15 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.