HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Enterprise I.T. / 2 Billion Devices at Risk To Be Hacked
Neustar, Inc.
Protect your website & network using real-time information & analysis
www.neustar.biz
Hidden Controls Expose 2 Billion Devices to Hackers
Hidden Controls Expose 2 Billion Devices to Hackers
By Jef Cozza / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
07
2014

Hidden software secretly installed on cars, mobile phones, and laptops has put roughly two billion devices at risk of being hijacked or attacked by hackers, according to new research. The vulnerability is so widespread that even automobiles use the software that contains the security flaw, said security scientists presenting at the Black Hat USA security conference in Las Vegas this week.

The software, known as the Open Mobile Alliance Device Management (OMA-DM) protocol, is also found on many other devices connected to the Internet. It is installed by manufacturers at the behest of data and telephone carriers as a way to allow the companies to troubleshoot devices, deliver firmware updates and remotely change network configurations.

The vulnerability was discovered by Mathew Solnik and Marc Blanchou, security researchers with Denver-based firm Accuvant. They analyzed the OMA-DM implementation on devices for Apple, Android and BlackBerry sold in the U.S. and other countries. The two offered details of their research Wednesday in a presentation titled “Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol.”

Easy Access for Hackers

“Carriers embed control software into most mobile devices,” said Ryan Smith, Accuvant vice president and chief scientist. “Our researchers found serious security vulnerabilities in the carrier control software used in a large number of cell phones across platforms and carriers.”

The Accuvant scientists focused on an implementation of the protocol developed by Red Bend Software, which they said is installed on 70 percent to 90 percent of all carrier-sold phones on the planet.

Unfortunately, the way in which many carriers implement the security on the OMA-DM protocol makes it extremely easy for attackers to gain high-level access to customers’ devices. Controlling a device, such as a cell phone, through OMA-DM requires a two-part authorization code consisting of the device’s unique ID number and a secret security token provided by the carrier.

However, some carriers use the same token for every device on their networks. Under those circumstances, anyone who compares the authorization codes of two or more devices can easily extract the security token, and use it in combination with a device's ID number to gain access to it.

Cars with OnStar at Risk

Once a hacker is able to access a device remotely, he can listen in on phone conversations, steal passwords for a user’s financial accounts, or even hijack control of the device entirely. The security flaw can be found in a wide variety of mobile devices and platforms, including those built for Android, BlackBerry and a small number of iOS devices.

The vulnerability even extends to vehicles that make use of the OMA-DM protocol. Automobiles that have the OnStar roadside assistance service, for example, could be attacked by hackers through the exploit.

Tell Us What You Think
Comment:

Name:

Gareth:
Posted: 2014-08-08 @ 4:56am PT
So it is not an issue with the phone manufacturers, but instead the carrier and their software. So to say "security flaw in a wide variety of Android, BlackBerry and some iOS mobile devices and platforms" is in fact incorrect.

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN ENTERPRISE I.T.
Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.