Security researchers have analyzed smartphones on behalf of the Department of Homeland Security (DHS). They found exploitable vulnerabilities in devices from four major U.S. carriers.
The Black Hat conference is currently taking place in Las Vegas, where security researchers and hackers discuss the latest security vulnerabilities in products. The Meltdown vulnerability in the Samsung Galaxy S7 (see Samsung Galaxy S7 vulnerable to Meltdown) has already become public. It looks like other smartphone models are also affected by several vulnerabilities.
Many smartphones affected
The site fifthdomain.com reported that an investigation funded by the Department of Homeland Security (DHS) uncovered a number of vulnerabilities in mobile devices. The vulnerabilities were found in devices offered by the four major U.S. carriers (Verizon, AT&T, T-Mobile and Sprint; models were not named, but other carriers use the same models as well). The vulnerabilities also include loopholes that could allow a hacker to access a user’s data, emails and text messages without the owner’s knowledge.
Vincent Sritapan, a program manager at the Department of Homeland Security’s Science and Technology Directorate, is quoted by fifthdomain.com as saying: ‘The flaws allow a user to escalate privileges and take over the device’.
The vulnerabilities are built into the devices, i.e. they are present before a customer purchases the phone. The DHS assumes that smartphones used in government agencies will also be affected. The security researchers say that the vulnerabilities are not limited to devices in the US, and that it is not clear whether hackers have already exploited the loopholes. The researchers are expected to provide further details of the deficiencies later this week.
Backdoor in Blu devices triggers the investigation
The investigation was conducted by Kryptowire, a Virginia-based mobile security company, and funded by the Critical Infrastructure Resilience Institute, a research center of the Department of Homeland Security.
The investigation started after Kryptowire discovered vulnerabilities or Trojans in devices from the phone company Blu. Sensitive data was collected and passed on to third parties without the user’s knowledge.