Hidden Controls Expose 2 Billion Devices to Hackers
By Jef Cozza / NewsFactor Network
Published: August 7, 2014
Hidden software secretly installed on cars, mobile phones, and laptops has put roughly two billion devices at risk of being hijacked or attacked by hackers, according to new research. The vulnerability is so widespread that even automobiles use the software that contains the security flaw, said security scientists presenting at the Black Hat USA security conference in Las Vegas this week.

The software, known as the Open Mobile Alliance Device Management (OMA-DM) protocol, is also found on many other devices connected to the Internet. It is installed by manufacturers at the behest of data and telephone carriers as a way to allow the companies to troubleshoot devices, deliver firmware updates and remotely change network configurations.

The vulnerability was discovered by Mathew Solnik and Marc Blanchou, security researchers with Denver-based firm Accuvant. They analyzed the OMA-DM implementation on Apple, Android and BlackBerry devices sold in the U.S. and other countries. The two offered details of their research Wednesday in a presentation titled “Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol.”

Easy Access for Hackers

“Carriers embed control software into most mobile devices,” said Ryan Smith, Accuvant vice president and chief scientist. “Our researchers found serious security vulnerabilities in the carrier control software used in a large number of cell phones across platforms and carriers.”

The Accuvant scientists focused on an implementation of the protocol developed by Red Bend Software, which they said is installed on 70 percent to 90 percent of all carrier-sold phones on the planet.

Unfortunately, the way in which many carriers implement the security on the OMA-DM protocol makes it extremely easy for attackers to gain high-level access to customers’ devices. Controlling a device, such as a cell phone, through OMA-DM requires a two-part authorization code consisting of the device’s unique ID number and a secret security token provided by the carrier.

However, some carriers use the same token for every device on their networks. Under those circumstances, anyone who compares the authorization codes of two or more devices can easily extract the security token, and use it in combination with a device's ID number to gain access to it.
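
The shared-token weakness described above can be audited for and designed out on the carrier side. The following is an added example, not code from the researchers, Red Bend or any carrier: it flags tokens reused across a constructed provisioning list and derives per-device tokens with HMAC-SHA256 from a master key. The record layout, device IDs, key and function names are assumptions, since the article does not describe how the authorization code is built.

```python
import hashlib
import hmac
from collections import defaultdict

def find_shared_tokens(records):
    """Group devices by token fingerprint; return only tokens used by 2+ devices.

    records: iterable of (device_id, token_bytes). Fingerprints are truncated
    SHA-256 digests so the audit report never contains the token itself.
    """
    by_token = defaultdict(list)
    for device_id, token in records:
        fingerprint = hashlib.sha256(token).hexdigest()[:12]
        by_token[fingerprint].append(device_id)
    return {fp: ids for fp, ids in by_token.items() if len(ids) > 1}

def derive_device_token(master_key, device_id):
    """Per-device token: HMAC-SHA256(master_key, device_id).

    Learning one device's token reveals nothing usable for another device,
    because the master key never leaves the server side.
    """
    return hmac.new(master_key, device_id.encode("utf-8"), hashlib.sha256).digest()

def verify_device_token(master_key, device_id, presented):
    """Constant-time check of a presented token against the derived one."""
    expected = derive_device_token(master_key, device_id)
    return hmac.compare_digest(expected, presented)

def provision_fleet(master_key, device_ids):
    """Build (device_id, token) records using per-device derivation."""
    return [(d, derive_device_token(master_key, d)) for d in device_ids]

# Constructed sample data (hypothetical IDs and secrets, not from the article).
DEVICE_IDS = ["device-0001", "device-0002", "device-0003"]
WEAK_FLEET = [
    ("device-0001", b"same-carrier-token"),
    ("device-0002", b"same-carrier-token"),  # reused token: the flaw
    ("device-0003", b"another-token"),
]
MASTER_KEY = bytes(range(32))  # constructed; a real key belongs in an HSM/KMS

if __name__ == "__main__":
    print("weak fleet, shared tokens:", find_shared_tokens(WEAK_FLEET))
    hardened = provision_fleet(MASTER_KEY, DEVICE_IDS)
    print("hardened fleet, shared tokens:", find_shared_tokens(hardened))
```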

Cars with OnStar at Risk

Once a hacker is able to access a device remotely, he can listen in on phone conversations, steal passwords for a user’s financial accounts, or even hijack control of the device entirely. The security flaw can be found in a wide variety of mobile devices and platforms, including those built for Android, BlackBerry and a small number of iOS devices.

The vulnerability even extends to vehicles that make use of the OMA-DM protocol. Automobiles that have the OnStar roadside assistance service, for example, could be attacked by hackers through the exploit.

Gareth:
Posted: 2014-08-08 @ 4:56am PT
So it is not an issue with the phone manufacturers, but instead the carrier and their software. So to say "security flaw in a wide variety of Android, BlackBerry and some iOS mobile devices and platforms" is in fact incorrect.
