Click to Skip Ad
Closing in...

Government-backed research suggests millions of smartphones have built-in security flaws

Published Aug 8th, 2018 2:17PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Well, this is comforting. Researchers funded by the Dept. of Homeland Security have found security vulnerabilities built into smartphones at the device level, vulnerabilities that reportedly exist across devices offered by the four leading U.S. cell phone carriers.

What’s more, those holes are such that hackers could use them to obtain access to a user’s emails, text messages and more, all without the owner’s knowledge.

A source familiar with the research told the news outlet Fifth Domain that millions of U.S. smartphone users are potentially affected. Homeland Security official Vincent Sritapan told Fifth Domain during this week’s Black Hat conference in Las Vegas that the security flaws are such that someone could use them to “escalate privileges and take over the device.”

The vulnerabilities apparently live deep in the operating system of affected phones from carriers including Verizon, AT&T, T-Mobile and Sprint, though other unmentioned carriers are affected. Kryptowire, a mobile security firm funded through a Homeland Security research center, led the research uncovering the vulnerabilities.

It was the discovery of a security flaw last year in Blu phones, which Amazon temporarily stopped selling, that kicked off this new research. It’s not yet clear how many smartphone users in the U.S. are affected, but Fifth Domain speculates that the potentially large pool may include government officials as well.

“This is something that can target individuals without their knowledge,” Kryptowire founder Angelos Stavrou told Fifth Domain. The outlet continues: “Stavrou said that manufacturers were notified of the flaws as early as February. However, some manufacturers did not publish their vulnerability disclosure process, and the researchers were initially not sure if the device makers had received the disclosure because Kryptowire did not receive a reply, Stavrou said. He said all manufacturers are now aware of the vulnerabilities.”

In related news, Reuters is also reporting this morning the existence of a chip with a security flaw inside Samsung’s Galaxy S7 phones that puts millions of devices at risk to hackers who can spy on the device owners.

“Researchers from Austria’s Graz Technical University told Reuters,” the outlet reported, “they have figured out a way to exploit the Meltdown vulnerability to attack Galaxy S7 handsets.”

Researcher Michael Schwarz told Reuters the team is looking into the impact of Meltdown on other smartphone makes and models and affect to find more affected devices soon. About the S7 news specifically, the team is expected to release findings today at the Black Hat conference.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.