Raise awareness of environmental health issues in order to better protect our children and future generations.

09 August 2018

Phones at All Major U.S. Carriers Filled with Vulnerabilities, Say Researchers

Phones at all major US carriers filled with vulnerabilities, say researchers
by JENNIFER BISSETcnet.com, 7 August 2018

Getty Images
Manufacturers are building in flaws that could expose your data to hackers, according to research backed by the Department of Homeland Security.

Major US phone carriers may have a major problem.

Researchers funded by the Department of Homeland Security discovered security vulnerabilities in mobile devices used by Verizon, AT&T, T-Mobile, Sprint and more, DHS program manager Vincent Sritapan told Fifth Domain at the Black Hat security conference in Las Vegas on Tuesday.

The flaws are built into phones by manufacturers before they're bought, including a loophole that hackers could potentially exploit to access your data, emails and text messages without you knowing.

The flaws would "escalate privileges and take over the device," Sritapan said, and researchers don't know if hackers have exploited them yet.

In Fifth Domain's report, it says millions of users in the US are likely at risk, citing a source familiar with the research.

The Department hasn't named the manufacturers, but said they were notified as early as February. The researchers funded by the department are from Kryptowire, a mobile security firm. Because the manufacturers didn't all publish the vulnerability in their disclosure process, the researchers weren't sure they received the information, Angelos Stavrou, the founder of Kryptowire, told Fifth Domain. But he confirms they are now all aware.

"This is something that can target individuals without their knowledge," Stavrou said. The vulnerabilities "are burrowed deep inside the operating system," and it is difficult to tell whether they have been exploited.

The research first came about when Kryptowire discovered vulnerabilities in the Blu phone company. The researchers are expected to release more details later this week.

Verizon, AT&T, T-Mobile and Sprint haven't yet responded to CNET's requests for comment.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.