Research funded by the Department of Homeland Security (DHS) has reported that millions of smartphone users are potentially at risk of having cybercriminals take total control of their mobile devices. While the names of the companies manufacturing these at risk devices have not yet been released, the DHS revealed that the flawed phones are being sold by AT&T, T-Mobile, Verizon, and Sprint, among other unnamed carriers.
The research was conducted by mobile security firm, Kryptowire, and funded by the Critical Infrastructure Resilience Institute, which is an arm of the DHS. According to Vincent Sritapan, a program manager of the DHS’ Science and Technology Directorate, the vulnerabilities use privilege-escalation flaws in order to completely take over a mobile device.
These cracks in mobile security enable hackers to access a myriad of information, such as emails, data, and text messages, all without notifying the user. Kryptowire began its research after finding comparable weaknesses in Blu mobile devices last year. While investigating Blu, Kryptowire had the ability to collect sensitive data from the device and send it to a third-party while the user had no knowledge of the action.
The issue seems to be related to the operating system on the surface, but that hypothesis doesn’t take the fact that the problem only impacts mobile devices from certain manufacturers into account. A factor of this issue could be that many device makers are implementing their own version of Android on their products.
The names of the phone makers have not been revealed by Kryptowire for security reasons. Angelos Stavrou, the founder of Kryptowire, stated that “some manufacturers did not publish their vulnerability disclosure process, and the researchers were initially not sure if the device makers had received the disclosure because Kryptowire did not receive a reply.”
The impacted companies have been notified of the security issue and are reportedly working towards solutions.
Latest posts by Tess Hanna (see all)
- Why You Should Consider Machine Learning for Mobile Security - October 19, 2018
- The Best Ways to Improve Your Mobile Security Capabilities - October 18, 2018
- ManageEngine Adds Voice Commands and Geo-Fencing to UEM Solution - October 16, 2018