Two researchers at Accuvant Labs, Mathew Solnik and Marc Blanchou, have recently discovered the existence of built-in vulnerabilities in a large number of mobile devices that would allow an attacker to gain complete control of the smartphone.
The researchers also provided a few details on the attack scheme which is based on a rogue base station (femtocell) and needs that a mobile device its proximity, the security flaw is related to a device management tool carriers and manufacturers embed in the majority of mobile devices for remote assistance.
Carriers use such kind of management tools to remotely configure the devices and send OTA (Over-The-Air) upgrades, each carrier and manufacturer has its own custom implementation of the software that usually integrates with custom functionalities. The custom tools could provide the attackers a complete control of the devices, including complete management of any function and application running on the mobile device. Any changes done with these management tools over-the-air don’t prompt the consumer.
“The management tools are implemented using a core standard, developed by the Open Mobile Alliance, called OMA device management. From these guidelines, each carrier can choose a base set of features or request additional ones. Solnik says they found that some phones have features for remotely wiping the device or conducting a factory reset, altering operating system settings and even remotely changing the PIN for the screen lock.” reports a post published on Wired.
The management tool discovered by the researchers runs with the highest level of privileges on mobile devices, these privileges could be exploited by a bad actor to gain complete control of the handset.
The experts estimated that such management tools are present in more that 2 billion devices worldwide, according to first revelation the security issue is related to Android and BlackBerry devices and impacts just a reduced fraction of Apple iPhone Smartphone distributed by Sprint company. In time I’m writing, there are no news related the existence of such tools in Windows Mobile.
The researchers say that the company that designed the management tool has issued a fix for the problem and that carriers have to distribute it to their customers.
Now the question is … is it so easy to compromise and misuse these management tools?
The exploitation for such management tools is a risky consequence of their deployment, of course carriers implement encryption and authentication to improve security of their access, but the researchers have discovered that protections are poorly implemented and exposes users to serious risks.
Mathew Solnik and Marc Blanchou will present their findings next week at the Black Hat security conference in Las Vegas, meantime, let me suggest you to keep your devices updated to the last versions.
Security Affairs – (mobile, management tools)