Top Leaderboard, Site wide
Shop the Truthdig Gift Guide 2014
December 28, 2014
Truthdig: Drilling Beneath the Headlines
Sign up for Truthdig's Email NewsletterLike Truthdig on FacebookFollow Truthdig on TwitterSubscribe to Truthdig's RSS Feed

Get Truthdig's headlines in your inbox!


Investment Falters as Fossil Fuels Face ‘Perfect Storm’
Satellite Provides Sharper Picture of Shrinking Ice Sheet




Living on a Dollar a Day


Truthdig Bazaar more items

 
Ear to the Ground

Hijacking Cellphones Isn’t Nearly As Hard as It Should Be

Email this item Email    Print this item Print    Share this item... Share

Posted on Aug 7, 2014

Shutterstock

Hacking into cellphones, or staging a hostile takeover, doesn’t require a lot of fancy tricks or even that many steps, according to two experts who sounded the alarm Wednesday at a security conference in Las Vegas.

According to Mathew Solnik and Marc Blanchou of Accuvant Labs in Denver, the vulnerability lies in cellphone carriers’ reliance upon the Open Mobile Alliance Device Management (OMA-DM) protocol, which is currently a bit more “open” than it should be.

Also read: T-Mobile Slapped With FTC Lawsuit for Phony Charges

The two experts made their case at the BlackHat conference, and Tom’s Guide relayed their startling findings Thursday:

OMA-DM is used by cellular carriers worldwide to provision, troubleshoot and send software updates to phones. For example, if you bought an Android phone from a carrier rather than from Google, Blanchou and Solnik explained, then the phone’s software updates come through OMA-DM. (Most iPhones and iPads do not use the standard, except for devices sold by Sprint.)

Yet the security of those software updates can be trivial to bypass. Many carriers verify updates with a “signature” that is a combination of the targeted device’s unique ID number and a secret encoding token, but some carriers, the researchers said, use a single token for all updates to all devices on their networks.

[...] The phones’ regular communications with the carriers’ OMA-DM servers are also vulnerable. Due to poor implementation of secure-transmission standards, it’s often possible to stage “man-in=the-middle” attacks in which a hacker secretly intercepts and modifies messages traveling between the phone and the carrier.

What’s more, the report added, tablets and laptops, along with some vehicles, are also susceptible to this kind of hacking, and the problems are increasing as carriers switch to 4G networks. Fasten your seat belts.

—Posted by Kasia Anderson

More Below the Ad

Advertisement

Square, Site wide

New and Improved Comments

If you have trouble leaving a comment, review this help page. Still having problems? Let us know. If you find yourself moderated, take a moment to review our comment policy.

 
Right 1, Site wide - BlogAds Premium
 
Right Skyscraper, Site Wide
Right 2, Site wide - Blogads
 
Join the Liberal Blog Advertising Network
 
 
 

A Progressive Journal of News and Opinion   Zuade Kaufman, Publisher   Robert Scheer, Editor-in-Chief
© 2014 Truthdig, LLC. All rights reserved.

Like Truthdig on Facebook