Over 2 billion devices exposed to hackers


08 August 2014

Security scientists reveal hidden controls in smartphones.

Over two billion devices are exposed to hackers due to vulnerabilities found in remote management software on smartphones, according to security scientists from Accuvant.

Speaking at the Black Hat conference in Las Vegas, Mathew Solnik and Marc Blanchou described a number of security flaws in Android, BlackBerry and a small number of iOS devices, with risk varying by carrier, make and model.

Vulnerabilities were discovered in widely deployed client implementations of the OMA Device Management (OMA-DM) protocol, which allows carriers to remotely deploy firmware updates, change data connection settings, install applications, and lock and wipe devices, the duo said.

Such features are also present in laptops, tablets and an increasing number of 'Internet of Things' devices, including those in cars, according to the pair.

Demonstrating the kind of risks devices are exposed to, Solnik and Blanchou took the example of a protocol from Red Bend Software that they claim is installed on 70-90% of carrier-sold mobile phones in the world.

The software was said to be easily controlled through the device IMEI (International Mobile Station Equipment Identity) number and a static secret token which is shared by all devices on a particular carrier, both of which can be easily acquired by an attacker.

These vulnerabilities were said to be present in OMA-DM client software developed by other companies too.

Accuvant says that it has already informed Red Bend Software, which has released patches to manufacturers.
