In this day and age of surveillance everywhere from your traffic signal to your lobby and now thanks to NSA's snooping on your personal communications with your near and dear ones, a article in Wired has made matters worse. Wired article says that the built in tools or embedded software as its technically called, in the smart phone offer unrestricted access to the the carrier, and of course a potential hacker. A study by Mathew Solnik and Marc Blanchou, two research consultants with Accuvant Labs took just a few months to discover the vulnerabilities and exploit them. It goes on to say that almost all smart phone that the researchers examined would allows a potential hacker to change all its cellular network functionality and in many cases, they could also control firmware updates.
|HTC One M7 one of the easiest phone to compromise|
All this was discovered by two researchers who have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device. As per the article the attacks would require proximity to the phones, using a rogue base station or femtocell and a high level of skill to pull off. A Femtocell is a low power cellular base station usually set up by service providers for small offices/businesses or to pitch in if there is a network black out.
The two researches say that the vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them. Though some design their own tool, most use a tool developed by a specific third-party vendor—which the researchers will not identify until they present their findings next week at the Black Hat security conference in Las Vegas. The tool is used in some form in more than 2 billion phones worldwide. The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers.
Two phones that provided the highest level of exploitation were the HTC One M7 and the Blackberry Z10. Among iOS devices, they found that only iPhones offered by Sprint and running an operating system prior to version 7.0.4 were vulnerable. The 7.0.4 version of the software, which Apple released in November, partially solved the issue.
You can read the full story here.